├── .circleci └── config.yml ├── .github ├── PULL_REQUEST_TEMPLATE.md └── workflows │ ├── debug.yml │ ├── openwrt.yml │ └── tests.yml ├── .gitignore ├── .gitmodules ├── .yamllint.yml ├── CHANGELOG.md ├── COPYING ├── INSTALL ├── LICENSE ├── Makefile ├── README.md ├── VERSION ├── autogen.sh ├── community.list ├── config.mak.in ├── configure.ac ├── contributors.txt ├── doc ├── Advanced.md ├── Authentication.md ├── Bridging.md ├── BuildConfig.md ├── Building.md ├── Communities.md ├── ConfigurationFiles.md ├── Crypto.md ├── Faq.md ├── Federation.md ├── Hacking.md ├── ManagementAPI.md ├── Routing.md ├── Scratchpad.md ├── Scripts.md ├── TapConfiguration.md ├── Tools.md └── TrafficRestrictions.md ├── edge.8 ├── examples ├── Makefile ├── example_edge_embed.c ├── example_edge_embed_quick_edge_init.c └── example_sn_embed.c ├── include ├── aes.h ├── auth.h ├── cc20.h ├── curve25519.h ├── header_encryption.h ├── hexdump.h ├── json.h ├── lzoconf.h ├── lzodefs.h ├── minilzo.h ├── n2n.h ├── n2n_define.h ├── n2n_port_mapping.h ├── n2n_regex.h ├── n2n_typedefs.h ├── n2n_wire.h ├── network_traffic_filter.h ├── pearson.h ├── portable_endian.h ├── random_numbers.h ├── sn_selection.h ├── speck.h ├── tf.h └── uthash.h ├── legacy ├── README.md ├── edge_keyschedule.c ├── gen_keyfile.py ├── n2n_keyfile.c ├── n2n_keyfile.h ├── transform_aes.c └── transform_tf.c ├── n2n.7 ├── packages ├── centos ├── debian │ ├── Makefile │ ├── README │ ├── configure │ ├── configure.ac │ └── debian │ │ ├── COPYRIGHT │ │ ├── README │ │ ├── changelog │ │ ├── compat │ │ ├── conffiles │ │ ├── control │ │ ├── dirs │ │ ├── docs │ │ ├── n2n.substvars │ │ ├── postinst │ │ ├── postrm │ │ ├── preinst │ │ ├── prerm │ │ ├── rules │ │ └── templates ├── etc │ ├── n2n │ │ ├── edge.conf.sample │ │ └── supernode.conf.sample │ └── systemd │ │ └── system │ │ ├── edge-ntopng@.service │ │ ├── edge.service │ │ ├── edge@.service │ │ └── supernode.service ├── openwrt │ ├── Makefile │ ├── README.md │ ├── config.bthh5a │ ├── config.n2n 
│ ├── config.x86 │ └── etc │ │ └── init.d │ │ ├── edge │ │ └── supernode ├── rpm │ ├── Makefile.in │ ├── configure │ ├── configure.in │ ├── n2n.spec.in │ └── rpm-sign.exp └── ubuntu ├── scripts ├── README.md ├── config.guess ├── config.sub ├── hack_fakeautoconf.sh ├── indent.sh ├── install-sh ├── munin │ └── n2n_ ├── n2n-ctl ├── n2n-gateway.sh ├── n2n-httpd ├── test_harness.sh ├── test_integration_edge.sh ├── test_integration_supernode.sh └── version.sh ├── src ├── aes.c ├── auth.c ├── cc20.c ├── curve25519.c ├── edge.c ├── edge_management.c ├── edge_utils.c ├── header_encryption.c ├── hexdump.c ├── json.c ├── management.c ├── management.h ├── minilzo.c ├── n2n.c ├── n2n_port_mapping.c ├── n2n_regex.c ├── network_traffic_filter.c ├── pearson.c ├── random_numbers.c ├── sn_management.c ├── sn_selection.c ├── sn_utils.c ├── speck.c ├── strbuf.h ├── supernode.c ├── tf.c ├── transform_aes.c ├── transform_cc20.c ├── transform_lzo.c ├── transform_null.c ├── transform_speck.c ├── transform_tf.c ├── transform_zstd.c ├── tuntap_freebsd.c ├── tuntap_linux.c ├── tuntap_netbsd.c ├── tuntap_osx.c ├── win32 │ ├── DotNet │ │ ├── n2n.sln │ │ ├── n2n.suo │ │ ├── n2n.vcproj │ │ └── supernode.vcproj │ ├── defs.h │ ├── edge.manifest │ ├── edge.rc │ ├── edge_utils_win32.c │ ├── edge_utils_win32.h │ ├── getopt.c │ ├── getopt.h │ ├── getopt1.c │ ├── n2n_win32.h │ ├── wintap.c │ └── wintap.h └── wire.c ├── supernode.1 ├── tests ├── test_integration_edge.sh.expected ├── test_integration_supernode.sh.expected ├── tests-auth.expected ├── tests-compress.expected ├── tests-elliptic.expected ├── tests-hashing.expected ├── tests-transform.expected ├── tests-wire.expected ├── tests_integration.list └── tests_units.list ├── tools ├── Makefile ├── n2n-benchmark.c ├── n2n-decode.c ├── n2n-keygen.c ├── n2n-portfwd.c ├── n2n-route.c ├── tests-auth.c ├── tests-compress.c ├── tests-elliptic.c ├── tests-hashing.c ├── tests-transform.c └── tests-wire.c ├── uncrustify.cfg └── wireshark ├── README.md └── 
n2n.lua /.circleci/config.yml: -------------------------------------------------------------------------------- 1 | --- 2 | version: 2.1 3 | 4 | orbs: 5 | win: circleci/windows@2.4.0 6 | 7 | jobs: 8 | linux-gcc: 9 | machine: 10 | image: ubuntu-1604:201903-01 11 | steps: 12 | - checkout 13 | - run: 14 | name: Install Software 15 | command: | 16 | sudo apt-get update 17 | sudo apt-get install -y build-essential 18 | ./autogen.sh 19 | ./configure 20 | make build-dep 21 | make 22 | workflows: 23 | version: 2 24 | run-all: 25 | jobs: 26 | - linux-gcc 27 | -------------------------------------------------------------------------------- /.github/PULL_REQUEST_TEMPLATE.md: -------------------------------------------------------------------------------- 1 | Please sign (check) the below before submitting the Pull Request: 2 | 3 | - [ ] I have signed the ntop Contributor License Agreement at https://github.com/ntop/legal/blob/main/individual-contributor-licence-agreement.md 4 | - [ ] I have updated the documentation (in doc/) to reflect the changes made (if applicable) 5 | 6 | Link to the related [issue](https://github.com/ntop/n2n/issues): 7 | 8 | 9 | Describe changes: 10 | 11 | 12 | -------------------------------------------------------------------------------- /.github/workflows/debug.yml: -------------------------------------------------------------------------------- 1 | --- 2 | name: Debug 3 | 4 | # yamllint disable-line rule:truthy 5 | on: 6 | workflow_dispatch: 7 | 8 | jobs: 9 | 10 | # Oh, github, for a company that is built around the git VCS, how is it 11 | # that you have managed to break the repositories so much? 
12 | # 13 | debug_github_repo: 14 | name: Debug Github Repo 15 | runs-on: ubuntu-latest 16 | 17 | steps: 18 | - uses: actions/checkout@v2 19 | with: 20 | fetch-depth: 0 21 | 22 | - name: Fix Checkout 23 | run: | 24 | git fetch --force --tags 25 | 26 | - name: Debug data output 27 | run: | 28 | echo ========== 29 | echo git status 30 | git status 31 | echo ========== 32 | echo git tag 33 | git tag 34 | echo ========== 35 | echo git describe 36 | git describe || true 37 | echo ========== 38 | echo git for-each-ref refs/heads 39 | git for-each-ref refs/heads 40 | echo ========== 41 | echo git for-each-ref refs/tags 42 | git for-each-ref refs/tags 43 | echo ========== 44 | echo ls .git/refs/heads 45 | ls .git/refs/heads 46 | echo ========== 47 | echo ls .git/refs/tags 48 | ls .git/refs/tags 49 | echo ========== 50 | TYPE=$(git cat-file -t $GITHUB_REF) 51 | echo REF=$GITHUB_REF 52 | echo TAGTYPE=$TYPE 53 | echo ========== 54 | echo git cat-file $TYPE $GITHUB_REF 55 | git cat-file $TYPE $GITHUB_REF 56 | -------------------------------------------------------------------------------- /.github/workflows/openwrt.yml: -------------------------------------------------------------------------------- 1 | --- 2 | name: Openwrt Build 3 | 4 | # yamllint disable-line rule:truthy 5 | on: 6 | release: 7 | types: 8 | - published 9 | - created 10 | - edited 11 | push: 12 | branches: 13 | - openwrt 14 | 15 | workflow_dispatch: 16 | 17 | jobs: 18 | build: 19 | name: Build ipkg 20 | runs-on: ubuntu-latest 21 | 22 | defaults: 23 | run: 24 | working-directory: openwrt 25 | 26 | steps: 27 | - name: Checkout openwrt 28 | uses: actions/checkout@v3 29 | with: 30 | path: openwrt 31 | repository: openwrt/openwrt 32 | 33 | - name: Set openwrt ref 34 | run: | 35 | echo "OPENWRT_REF=$(git rev-parse --short HEAD)" >> $GITHUB_ENV 36 | git rev-parse --short HEAD 37 | 38 | - name: Checkout n2n 39 | uses: actions/checkout@v2 40 | with: 41 | path: n2n 42 | fetch-depth: 0 43 | 44 | - name: Fix Checkout 45 
| run: | 46 | git fetch --force --tags 47 | working-directory: n2n 48 | 49 | - name: Set n2n ref 50 | run: | 51 | echo "N2N_REF=$(./scripts/version.sh)" >> $GITHUB_ENV 52 | ./scripts/version.sh 53 | working-directory: n2n 54 | 55 | - name: Copy n2n package definition into openwrt 56 | run: | 57 | cp -r n2n/packages/openwrt openwrt/package/n2n 58 | working-directory: ./ 59 | 60 | - name: Cache openwrt source downloads 61 | uses: actions/cache@v3 62 | with: 63 | path: openwrt/dl 64 | key: openwrt-dl-${{ env.OPENWRT_REF }} 65 | 66 | - name: Setup openwrt config and environment 67 | run: | 68 | echo "CONFIG_TARGET_x86=y" >.config 69 | echo "CONFIG_TARGET_x86_64=y" >>.config 70 | 71 | - name: Add n2n package to openwrt config 72 | run: | 73 | echo "CONFIG_PACKAGE_n2n-edge=m" >>.config 74 | echo "CONFIG_PACKAGE_n2n-supernode=m" >>.config 75 | 76 | - name: Build a full config from our stub file 77 | run: | 78 | make defconfig 79 | 80 | - name: Download openwrt sources 81 | run: | 82 | make download 83 | 84 | - name: Build openwrt build environment 85 | run: | 86 | make -j `nproc` tools/install toolchain/install 87 | 88 | - name: Build n2n dependancies 89 | run: | 90 | make -j `nproc` package/libs/libpcap/compile 91 | 92 | - name: Build n2n openwrt packages 93 | env: 94 | N2N_PKG_VERSION: ${{ env.N2N_REF }} 95 | run: | 96 | echo "Build for $N2N_PKG_VERSION" 97 | export N2N_PKG_VERSION 98 | make package/n2n/clean V=s 99 | make package/n2n/prepare USE_SOURCE_DIR=$GITHUB_WORKSPACE/n2n V=s 100 | make package/n2n/compile V=s 101 | 102 | # FIXME: add a way to run the test suite! 
103 | # - name: Run embedded tests 104 | # run: make test 105 | 106 | - name: Upload built artifacts 107 | uses: actions/upload-artifact@v2 108 | with: 109 | name: built-ipkgs 110 | path: openwrt/bin/packages/*/base/*.ipk 111 | -------------------------------------------------------------------------------- /.gitignore: -------------------------------------------------------------------------------- 1 | *.o 2 | *.a 3 | *.gz 4 | *.exe 5 | configure 6 | config.log 7 | config.mak 8 | config.rpath 9 | config.status 10 | include/config.h 11 | include/config.h.in 12 | autom4te.cache 13 | edge 14 | example_edge_embed_quick_edge_init 15 | example_edge_embed 16 | example_sn_embed 17 | supernode 18 | tools/n2n-benchmark 19 | tools/n2n-decode 20 | tools/n2n-keygen 21 | tools/n2n-portfwd 22 | tools/n2n-route 23 | build 24 | .idea 25 | .vscode 26 | .vs 27 | packages/debian/debian/files 28 | *dSYM* 29 | 30 | __pycache__ 31 | 32 | # Binaries built to run tests 33 | tools/tests-auth 34 | tools/tests-compress 35 | tools/tests-elliptic 36 | tools/tests-hashing 37 | tools/tests-transform 38 | tools/tests-wire 39 | 40 | # Files generated while running tests 41 | tests/*.out 42 | 43 | # Files generated while running coverage reports 44 | *.gcno 45 | *.gcda 46 | *.gcov 47 | coverage/ 48 | 49 | # Files generated while running linting 50 | *.indent 51 | *.unc-backup.md5~ 52 | *.unc-backup~ 53 | 54 | # Empty files created by the openwrt build 55 | /.built 56 | /.built_check 57 | /.configured_* 58 | /.prepared 59 | /.quilt_checked 60 | /.source_dir 61 | /ABOUT-NLS 62 | /AUTHORS 63 | /ChangeLog 64 | /NEWS 65 | -------------------------------------------------------------------------------- /.gitmodules: -------------------------------------------------------------------------------- 1 | [submodule "thirdparty/miniupnp"] 2 | path = thirdparty/miniupnp 3 | url = https://github.com/miniupnp/miniupnp.git 4 | ignore = dirty 5 | [submodule "thirdparty/libnatpmp"] 6 | path = thirdparty/libnatpmp 7 
| url = https://github.com/miniupnp/libnatpmp.git 8 | ignore = dirty 9 | -------------------------------------------------------------------------------- /.yamllint.yml: -------------------------------------------------------------------------------- 1 | --- 2 | extends: default 3 | 4 | rules: 5 | # 80 chars should be enough, but don't fail if a line is longer 6 | line-length: 7 | max: 80 8 | level: warning 9 | -------------------------------------------------------------------------------- /CHANGELOG.md: -------------------------------------------------------------------------------- 1 | # Changelog 2 | 3 | ## n2n 2.8 (August 2020) 4 | 5 | This release brings significant new features to n2n's crypto world and offers 6 | some compression opportunities. The added support for routing table manipulation 7 | might increase comfort. Besides further honing existing features, this release 8 | addresses some bugs. 9 | 10 | ### New Features 11 | 12 | * Two lightweight stream ciphers: ChaCha20 (optional, through OpenSSL) & SPECK (integrated) 13 | * Full Header Encryption (including packet checksumming as well as replay protection) 14 | * A callback interface to better integrate n2n in third party software (you can still use it stand-alone) 15 | * Enable the integrated LZO1x compression 16 | * Add optional ZSTD compression (through zstdlib) 17 | * Support for changing system routes at program start and end 18 | * User and group id parameter for supernode 19 | * Application of cryptography in n2n is seperately documented 20 | * Add a new pseudo random number generator with higher periodicity seeded with more entropy if available 21 | 22 | ### Improvements 23 | 24 | * Have AES and ChaCha20 use OpenSSL's `evp_*` interface to make better use of available hardware acceleration 25 | * Fix invalid sendto when supernode name resolution fails 26 | * Update to supernode's purge logic 27 | * Extended management supernode's port output 28 | * Fix read tap device failed when OS wakes up 
from sleep 29 | * Free choice of supernode's management UDP port (for multiple supernodes on one machine) 30 | * Additional trace messages to better indicate established connections and connection type 31 | * Fix edge's register-to-supernode loop 32 | * Remove redundant code 33 | * Restructure the code in directories 34 | * Clean-up platform-dependant code 35 | * Compile fixes for Windows 36 | * Fix build warnings 37 | * …and many more under-the-hood fixes and tunings 38 | 39 | ## n2n 2.6 (March 2020) 40 | 41 | The 2.6 release is mostly a maintenance release to address the issues 42 | of 2.4 that has been the first release since a long time of silence. 43 | 44 | ### New Features 45 | 46 | * AES encryption that features an overall speed bump (12x speed) and security with respect to Twofish used in the previous n2n version 47 | * Add ability to specify a whitelist of allowed communities on the supernode 48 | * Implement local peers discovery via multicast 49 | * Full peer-to-peer topology support. 50 | * Add support for multiple edge systemd services 51 | * Add benchmark tool for the encryption throughput 52 | * Implement packet stats for P2P vs supernode communication 53 | * Automatically drop privileges to user n2n 54 | * Add support for ARM64 build 55 | * More options to control MTU, P2P connections, TOS and log verbosity 56 | * Implement a wireshark dissector for the n2n protocol 57 | * Implement n2n-decode utility to decode and dump traffic to PCAP 58 | 59 | 60 | ### Improvements 61 | * Extensive Windows and OpenWRT support. 62 | * Windows compilation fixes and instructions 63 | * Instructions and makefile file to build n2n on OpenWRT 64 | * MacOS compilation fixes and instructions 65 | * Improve the connection stability and the chances to establish a P2P connection 66 | * Stable and more resilient connection. 
67 | * Remove keyschedule support to simplify the encryption code 68 | * Replace peers linked list with hash table for faster lookup in big networks 69 | * Integrate the changes made in the meyerd fork of n2n 70 | * Remove calls to system() in tuntap_linux and use netlink instead 71 | * n2n version improvements 72 | 73 | ## n2n 2.4 (August 2018) 74 | 75 | This is the first release after 2012 and thus it is focusing mainly 76 | on making it work on current operating system versions, so that the 77 | next release will be based on modern code. 78 | 79 | ### New Features 80 | * Added deb/rpm packages 81 | * Added systemd configuration files 82 | * Added ability to read configuration files instead of using only the CLI (needed for packaging) 83 | * Added n2n Android app 84 | * Implemented simple API to embed n2n in applications (in addition to use it stand-alone) 85 | 86 | ### Improvements 87 | * Major code cleanup 88 | * Fixed compilation issues on MacOS 89 | * Fixed Linux segmentation fault 90 | -------------------------------------------------------------------------------- /INSTALL: -------------------------------------------------------------------------------- 1 | INSTALL 2 | 3 | To build the programs: 4 | 5 | $ make 6 | 7 | To install the programs and man pages: 8 | 9 | $ make install 10 | 11 | or 12 | 13 | $ make PREFIX=/usr/local install 14 | 15 | 16 | RPM Package 17 | ----------- 18 | 19 | These steps should work with RPM based Linux distributions since rpmbuild was 20 | split from the rpm utility (c RedHat 9). 21 | 22 | 23 | To build an RPM the easy way follow these steps. 24 | 25 | 1. Build SRPM 26 | 27 | $ cd n2n 28 | $ scripts/mk_SRPM.sh 29 | 30 | Look for where the src.rpm file was put ( "Wrote:" ). 31 | 32 | 2. 
Build binary RPM from SRPM 33 | 34 | $ rpm -i path/to/n2n-.src.rpm 35 | $ rpmbuild -bb n2n.spec 36 | 37 | 38 | All this can be done as non-root user if you have a ~/.rpmmacros file with this 39 | line in it: 40 | 41 | %_topdir /home/username/rpmtopdir 42 | 43 | 44 | To build an RPM the hard way follow these steps. 45 | 46 | $ cp -a n2ndir n2n-2.0 47 | $ tar czf n2n-2.0.tar.gz n2n-2.0 48 | $ mv n2n-2.0.tar.gz /usr/src/redhat/SOURCES 49 | $ cp n2ndir/n2n.spec /usr/src/redhat/SPECS 50 | $ rpmbuild -bb n2n.spec 51 | -------------------------------------------------------------------------------- /VERSION: -------------------------------------------------------------------------------- 1 | 3.1.1 2 | -------------------------------------------------------------------------------- /autogen.sh: -------------------------------------------------------------------------------- 1 | #!/bin/sh 2 | 3 | rm -f include/config.h include/config.h.in include/config.h.in~ config.mak configure 4 | 5 | echo "Wait please..." 6 | autoreconf -if 7 | -------------------------------------------------------------------------------- /community.list: -------------------------------------------------------------------------------- 1 | # 2 | # List of allowed communities 3 | # --------------------------- 4 | # 5 | # these could either be fixed-name communities such as the following lines ... 6 | # 7 | mynetwork 8 | netleo 9 | # 10 | # ... or regular expressions that a community name must fully match 11 | # such as ntop[0-1][0-9] for communities from "ntop00" through "ntop19" 12 | # 13 | ntop[0-1][0-9] 14 | # 15 | # * Note that fixed-name communities may not contain one of the following characters 16 | # . * + ? [ ] \ 17 | # as otherwise, they are interpreted as regular expression 18 | # 19 | # * Only fixed-name communities are supported for header encryption (-H) 20 | # 21 | # * Regular expression support the following placeholders 22 | # '.' 
Dot, matches any character 23 | # '*' Asterisk, match zero or more (greedy) 24 | # '+' Plus, match one or more (greedy) 25 | # '?' Question, match zero or one (non-greedy) 26 | # '[abc]' Character class, match if one of {'a', 'b', 'c'} 27 | # '[^abc]' Inverted class, match if NOT one of {'a', 'b', 'c'} (feature is currently broken) 28 | # '[a-zA-Z]' Character ranges, the character set of the ranges { a-z | A-Z } 29 | # '\s' Whitespace, \t \f \r \n \v and spaces 30 | # '\S' Non-whitespace 31 | # '\w' Alphanumeric, [a-zA-Z0-9_] 32 | # '\W' Non-alphanumeric 33 | # '\d' Digits, [0-9] 34 | # '\D' Non-digits 35 | # 36 | # fixed-name communities can optionally be followed by a network using the 37 | # network/bitlen syntax such as the following line 38 | # 39 | home 192.168.168.0/24 40 | # 41 | # the supernode draws ip addresses to assign to the edges (if they omit the `-a` 42 | # parameter) from this network. note that the network is delimited by [SPACE] so 43 | # community names cannot contain [SPACE] either. 44 | # 45 | # if no network is provided here, the supernode assigns some other network to each 46 | # community. networks are taken from the default range 10.128.0.0 - 10.255.255.0/24 47 | # as long as no other network range is provided through the supernode's command line 48 | # option `-d`. those sub-networks are distinct so several edges with different 49 | # communities can be used at the same computer (being served ip addresses from the 50 | # same supernode). also, the sub-networks described in this file are avoided. 51 | # 52 | # however, all networks assigned in this file are not mutually checked for colliding 53 | # ranges so different communities can use same or overlapping sub-networks. that does 54 | # not impose a problem if the communities do not share edge nodes. 55 | # 56 | # there seems to be no sense in pre-assigning sub-networks to communities whose 57 | # names are defined by regular expressions. 
those will be assigned distinct 58 | # sub-networks from the default range or the `-d` range. 59 | # 60 | # if `-a` is used with the edge, the edge uses the ip address specified with the 61 | # `-a xxx.xxx.xxx.xxx` option. also, the enhanced syntax `-r -a dhcp:0.0.0.0` is 62 | # still available to have more professional needs served by a full dhcp server. 63 | # 64 | -------------------------------------------------------------------------------- /config.mak.in: -------------------------------------------------------------------------------- 1 | # Global configuration, included in top Makefile and exported from there. 2 | # @configure_input@ 3 | 4 | CONFIG_HOST=@host@ 5 | CONFIG_HOST_OS=@host_os@ 6 | CONFIG_PREFIX=@prefix@ 7 | 8 | PACKAGE_VERSION=@PACKAGE_VERSION@ 9 | 10 | CC=@CC@ 11 | AR=@AR@ 12 | WINDRES=@WINDRES@ 13 | EXE=@EXE@ 14 | 15 | CFLAGS=@CFLAGS@ 16 | LDFLAGS=@LDFLAGS@ 17 | LDLIBS_EXTRA=@LIBS@ 18 | -------------------------------------------------------------------------------- /configure.ac: -------------------------------------------------------------------------------- 1 | odnl> Do not add anything above 2 | AC_INIT([edge], m4_esyscmd([scripts/version.sh | tr -d '\n'])) 3 | dnl> Do not add anything above 4 | 5 | AC_DEFINE([PACKAGE_BUILDDATE], "[m4_esyscmd([scripts/version.sh date | tr -d '\n'])]", [Last change date]) 6 | 7 | # Older versions of the autotools expect to find install-sh here. 8 | AC_CONFIG_AUX_DIR(scripts) 9 | 10 | AC_CANONICAL_HOST 11 | AC_PROG_CC 12 | AC_CHECK_TOOL([AR], [ar], [false]) 13 | AC_CHECK_TOOL([WINDRES], [windres], [windres]) 14 | 15 | case "$host_os" in 16 | solaris*) 17 | # Was in Makefile with the test `uname` -eq "SunOS" 18 | # and comment "For OpenSolaris (Solaris too?)" 19 | LIBS="-lsocket -lnsl $LIBS" 20 | ;; 21 | mingw*) 22 | LIBS="-lnetapi32 -lws2_32 -liphlpapi $LIBS" 23 | EXE=".exe" 24 | ;; 25 | *) 26 | EXE="" 27 | ;; 28 | esac 29 | 30 | # This replicates the old config logic from the Makefile. 
31 | # TODO: remove all this and just use the autotools default prefix 32 | # (which is "/usr/local") 33 | case "$host_os" in 34 | darwin*) 35 | ;; 36 | *) 37 | AC_PREFIX_DEFAULT(/usr) 38 | ;; 39 | esac 40 | 41 | # TODO: ideally, should use AC_ARG_ENABLE 42 | AC_ARG_WITH([edgex], 43 | AS_HELP_STRING([--with-edgex], [Build for Ubiquity-X]), 44 | [], [with_edgex=no]) 45 | AS_IF([test "x$with_edgex" != "xno"], 46 | [ 47 | AC_MSG_NOTICE([Please contact us with your use case]) 48 | CC=mipsel-linux-gnu-gcc 49 | AR=mipsel-linux-gnu-arzls 50 | ], 51 | ) 52 | 53 | # TODO: ideally, should use AC_ARG_ENABLE 54 | AC_ARG_WITH([zstd], 55 | AS_HELP_STRING([--with-zstd], [use zstd library]), 56 | [], [with_zstd=no]) 57 | AS_IF([test "x$with_zstd" != "xno"], 58 | [AC_CHECK_LIB([zstd], [ZSTD_compress],, 59 | [AC_MSG_ERROR([zstd library not found])] 60 | )], 61 | ) 62 | 63 | # TODO: ideally, should use AC_ARG_ENABLE 64 | AC_ARG_WITH([openssl], 65 | [AS_HELP_STRING([--with-openssl], [enable support for OpenSSL])], 66 | [], [with_openssl=no]) 67 | AS_IF([test "x$with_openssl" != xno], 68 | [AC_CHECK_LIB([crypto], [EVP_CIPHER_CTX_reset],, 69 | [AC_MSG_ERROR([openssl library not found])] 70 | )], 71 | ) 72 | 73 | AC_ARG_ENABLE([miniupnp], 74 | [AS_HELP_STRING([--enable-miniupnp], [support for miniupnp])], 75 | [], [enable_miniupnp=no]) 76 | AS_IF([test "x$enable_miniupnp" != xno], 77 | [AC_CHECK_LIB([miniupnpc], [upnpDiscover],, 78 | [AC_MSG_ERROR([miniupnp library not found])] 79 | )], 80 | ) 81 | 82 | AC_ARG_ENABLE([natpmp], 83 | [AS_HELP_STRING([--enable-natpmp], [support for natpmp])], 84 | [], [enable_natpmp=no]) 85 | AS_IF([test "x$enable_natpmp" != xno], 86 | [AC_CHECK_LIB([natpmp], [initnatpmp],, 87 | [AC_MSG_ERROR([natpmp library not found])] 88 | )], 89 | ) 90 | 91 | AC_ARG_ENABLE([pcap], 92 | [AS_HELP_STRING([--enable-pcap], [support for pcap])], 93 | [], [enable_pcap=no]) 94 | AS_IF([test "x$enable_pcap" != xno], 95 | [AC_CHECK_LIB([pcap], [pcap_set_immediate_mode],, 96 | 
[AC_MSG_ERROR([pcap library not found])] 97 | )], 98 | ) 99 | 100 | AC_ARG_ENABLE([cap], 101 | [AS_HELP_STRING([--enable-cap], [support for cap])], 102 | [], [enable_cap=no]) 103 | AS_IF([test "x$enable_cap" != xno], 104 | [AC_CHECK_LIB([cap], [cap_get_proc],, 105 | [AC_MSG_ERROR([cap library not found])] 106 | )], 107 | ) 108 | 109 | AC_ARG_ENABLE([pthread], 110 | [AS_HELP_STRING([--enable-pthread], [support for pthread])], 111 | [], [enable_pthread=no]) 112 | AS_IF([test "x$enable_pthread" != xno], 113 | [AC_CHECK_LIB([pthread], [pthread_mutex_trylock],, 114 | [AC_MSG_ERROR([pthread library not found])] 115 | )], 116 | ) 117 | 118 | 119 | AC_SUBST(host) 120 | AC_SUBST(host_os) 121 | AC_SUBST(EXE) 122 | AC_SUBST(WINDRES) 123 | AC_CONFIG_HEADERS(include/config.h) 124 | AC_CONFIG_FILES(config.mak) 125 | 126 | AC_OUTPUT 127 | -------------------------------------------------------------------------------- /contributors.txt: -------------------------------------------------------------------------------- 1 | Code contributions courtesy of: 2 | * Richard Andrews 3 | * Don Bindner 4 | * Sylwester Sosnowski 5 | * Wilfried "Wonka" Klaebe 6 | * Lukasz Taczuk 7 | * Alaric Snell-Pym 8 | * Babak Farrokhi [FreeBSD port] 9 | * Logan oos Even 10 | -------------------------------------------------------------------------------- /doc/Advanced.md: -------------------------------------------------------------------------------- 1 | # Advanced Configuration 2 | 3 | 4 | ## Configuration Files 5 | 6 | Read about [Configuration Files](ConfigurationFiles.md) as they might come in handy – especially, but not limited to, if edges or supernodes shall be run as a service (see below) or in case of bulk automated parameter generation for mass deployment. 7 | 8 | ## Running edge as a Service 9 | 10 | edge can also be run as a service instead of cli: 11 | 12 | 1. Edit `/etc/n2n/edge.conf` with your custom options. See `/etc/n2n/edge.conf.sample`. 13 | 2. 
Start the service: `sudo systemctl start edge` 14 | 3. Optionally enable edge start on boot: `sudo systemctl enable edge` 15 | 16 | You can run multiple edge service instances by creating `/etc/n2n/edge-instance1.conf` and 17 | starting it with `sudo systemctl start edge@instance1`. 18 | 19 | 20 | ## Communities 21 | 22 | You might be interested to learn some [details about Communities](Communities.md) and understand how to limit supernodes' services to only a specified set of communities. 23 | 24 | 25 | ## Federation 26 | 27 | A special community is available that provides interconnection between supernodes. Details about how it works and how you can use it are available in [Federation](Federation.md). 28 | 29 | ## Virtual Network Device Configuration 30 | 31 | The [TAP Configuration Guide](TapConfiguration.md) contains hints on various settings that can be applied to the virtual network device, including IPv6 addresses as well as notes on MTU and on how to draw IP addresses from DHCP servers. 32 | 33 | 34 | ## Bridging and Routing the Traffic 35 | 36 | Reaching a remote network or tunneling all the internet traffic via n2n are two common tasks which require a proper routing setup. n2n supports routing needs by temporarily modifying the routing table (`tools/n2n-route`). Details can be found in the [Routing document](Routing.md). 37 | 38 | Also, n2n supports [Bridging](Bridging.md) of LANs, e.g. to connect otherwise un-connected LANs by an encrypted n2n tunnel on level 2. 39 | 40 | 41 | ## Traffic Restrictions 42 | 43 | It is possible to drop or accept specific packets transmitted over the edge network interface by means of rules. Rules are specified with `-R rule_str`, which can be given multiple times. Details can be found in the [Traffic Restrictions](TrafficRestrictions.md) document. 
44 | -------------------------------------------------------------------------------- /doc/Bridging.md: -------------------------------------------------------------------------------- 1 | # Bridging (Linux) 2 | 3 | ## General Remarks 4 | 5 | `edge`s can be part of network bridges. As such, n2n can connect otherwise un-connected LANs. 6 | 7 | ## How To Use with `brctl` 8 | 9 | ... requires `-r` 10 | ... general syntax 11 | ... one example connecting two remote sites' LANs, including commands 12 | 13 | ## How it works 14 | 15 | ... remembers peer info MAC 16 | ... ageing 17 | ... internal MAC replaced inside usually encrypted packet data (no disclosure then) 18 | ... initial learning 19 | 20 | ## Broadcasts 21 | 22 | ... note on broadcast domain 23 | 24 | ## Compile Time Option 25 | 26 | The `-r` option of edge does not differentiate between the use cases _routing_ and _bridging_. In case the MAC-learning and MAC-replacing bridging code 27 | interferes with some special routing scenario, removing the `#define HAVE_BRIDGING_SUPPORT` from the `/include/n2n.h` file disables it at compile time. 28 | -------------------------------------------------------------------------------- /doc/Communities.md: -------------------------------------------------------------------------------- 1 | # Communities 2 | 3 | 4 | ## Names 5 | 6 | As communities designate virtual networks, they must be distinguishable from each other. It is their name that makes them distinguishable and which therefore should be unique per network. The community name is composed of 19 byte-sized characters and internally it is always terminated by an additional zero character, totalling up to 20 characters. Hence, the zero character cannot be part of the regular community name. There are some other characters that cannot be used, namely `. * + ? [ ] \`. 7 | 8 | To make full use of character space, hex values could be used, e.g. 
from Linux bash applying the `edge … -c $(echo -en '\x3a\x3b\x4a\x6a\xfa') …` command line syntax. If used with a configuration file, the bytes must be directly filled as characters into a corresponding `-c :;Jjþ` line. 9 | 10 | Apart from command line `-c` and configuration file, the community name can be supplied through the `N2N_COMMUNITY` environment variable. This might prove useful to hide the community name from command line if used with header encryption enabled, see below. 11 | 12 | 13 | ## Restrict Supernode Access 14 | 15 | By default, a supernode offers its service to all communities and allows them to connect. If a self-setup supernode shall handle certain communities only, the supernode can be given a list of allowed communities. This list is a simple text file containing the allowed community names, one per line: 16 | 17 | ``` 18 | # community.list (a text file) 19 | ----------------------------------------------------- 20 | myCommunity 21 | yourCommunity 22 | ``` 23 | 24 | This file is provided to the supernode through the `-c community.list` command line parameter. This example would allow the supernode to only accept connections from communities called "myCommunity" and "yourCommunity"; these are fixed-name communities. 25 | 26 | 27 | ## Somewhat Flexible Community Names 28 | 29 | If you want to allow all community names from a certain name range, e.g. from "myCommunity00" to "myCommunity99", the `community.list` file (or whatever you name it) could look as follows: 30 | 31 | ``` 32 | # community.list (a text file) 33 | ----------------------------------------------------- 34 | myCommunity[0-9][0-9] 35 | ``` 36 | 37 | Advanced users recognize the so called regular expression. To keep users reading, the author did not dare to name this section "Regular Expressions". Anyway, community names can be provided as regular expressions using the following placeholders: 38 | 39 | ``` 40 | '.' 
Dot, matches any character 41 | '*' Asterisk, match zero or more of previous element (greedy) 42 | '+' Plus, match one or more of previous element (greedy) 43 | '?' Question, match zero or one (non-greedy) 44 | '[abc]' Character class, match if one of {'a', 'b', 'c'} 45 | '[^abc]' Inverted class, match if NOT one of {'a', 'b', 'c'} (feature is currently broken) 46 | '[a-zA-Z]' Character ranges, the character set of the ranges { a-z | A-Z } 47 | '\s' Whitespace, \t \f \r \n \v and spaces 48 | '\S' Non-whitespace 49 | '\w' Alphanumeric, [a-zA-Z0-9_] 50 | '\W' Non-alphanumeric 51 | '\d' Digits, [0-9] 52 | '\D' Non-digits 53 | ``` 54 | 55 | Knowing this, we can as well express the exemplary `community.list` above the following way: 56 | 57 | ``` 58 | # community.list (a text file) 59 | ----------------------------------------------------- 60 | myCommunity\d\d 61 | ``` 62 | 63 | Also, as the `. * + ? [ ] \` characters indicate parts of regular expressions, we now understand why those are not allowed in fixed-name community names. 64 | 65 | 66 | ## Header Encryption 67 | 68 | By default, the community name is transmitted in plain with each packet. So, a fixed-name community might keep your younger siblings out of your community (as long as they do not know the community name) but sniffing attackers will find out the community name. Using this name, they will be able to access it by just connecting to the supernode then. 69 | 70 | [Header encryption](Crypto.md#header) can be enabled to prevent plain transmission. It is important to understand that header encryption, if enabled, only works on fixed-name communities. It will not work on community names described by regular expressions. 71 | 72 | On the other hand, the provision of fixed-name communities blocks all other, non-listed communities. 
To allow a mixed operation of certain encrypted and hence fixed-name communities along with all other open communities, the following "trick" can be applied: 73 | 74 | ``` 75 | # community.list (a text file) 76 | ----------------------------------------------------- 77 | mySecretCom 78 | .* 79 | ``` 80 | 81 | This is not really a trick but just making use of a very permissive regular expression at the second line. 82 | -------------------------------------------------------------------------------- /doc/ConfigurationFiles.md: -------------------------------------------------------------------------------- 1 | # Configuration Files 2 | 3 | To help deployment and better handle locally different configurations, n2n supports the optional use of configuration files for `edge` and `supernode`. 4 | 5 | They are plain text files and contain the desired command line options, **one per line**. 6 | 7 | The exemplary command line 8 | 9 | ```bash 10 | sudo edge -c mynetwork -k mysecretpass -a 192.168.100.1 -f -l supernode.ntop.org:7777 11 | ``` 12 | 13 | translates into the following `edge.conf` file: 14 | 15 | ``` 16 | -c mynetwork 17 | -k mysecretpass 18 | -a 192.168.100.1 19 | -f 20 | -l supernode.ntop.org:7777 21 | -A5 22 | ``` 23 | 24 | which can be loaded by 25 | 26 | ``` 27 | sudo ./edge edge.conf 28 | ``` 29 | 30 | Comment lines starting with a hash '#' are ignored. 31 | 32 | ``` 33 | # automated edge configuration 34 | # created by bot7 35 | # on April 31, 2038 – 1800Z 36 | -c mynetwork 37 | -k mysecretpass 38 | -a 192.168.100.1 39 | -f 40 | -A5 41 | # --- supernode section --- 42 | -l supernode.ntop.org:7777 43 | ``` 44 | 45 | Long options can be used as well. 
Please note the double minus/dash-character `--`, just like you would use them on the command line with long options: 46 | 47 | ``` 48 | --community mynetwork 49 | -k mysecretpass 50 | -a 192.168.100.1 51 | -f 52 | -A5 53 | -l supernode.ntop.org:7777 54 | ``` 55 | 56 | If using a configuration file, its filename needs to be supplied as first parameter to `edge` or `supernode`. If required, additional command line parameters can be supplied afterwards: 57 | 58 | ``` 59 | sudo edge edge.conf -z1 -I myComputer 60 | ``` 61 | 62 | Finally, the `.conf` file syntax also allows `=` between parameter and its option: 63 | 64 | ``` 65 | -c=mynetwork 66 | -k=mysecretpass 67 | -a=192.168.100.1 68 | -f 69 | -A5 70 | -l=supernode.ntop.org:7777 71 | ``` 72 | 73 | When used with `=`, there is no whitespace allowed between parameter, delimiter (`=`), and option. So, do **not** put `-c = mynetwork` – it is required to be `-c=mynetwork`. 74 | -------------------------------------------------------------------------------- /doc/Federation.md: -------------------------------------------------------------------------------- 1 | # Supernode Federation 2 | 3 | ## Idea 4 | To enhance resilience in terms of backup and fail-over, also for load-balancing, multiple supernodes can easily interconnect and form a special community, called **federation**. 5 | 6 | 7 | ## Using Multiple Supernodes 8 | 9 | ### Form a Federation 10 | 11 | To form a federation, multiple supernodes need to be aware of each other. To get them connected, an additional `-l` option from command line is required at the supernode. 12 | 13 | This option takes the IP address (or name) and the UDP port of another known supernode, e.g. `-l 192.168.1.1:1234`. 14 | 15 | ### Use a Federation 16 | 17 | Federated supernodes take care of propagating their knowledge about other supernodes to all other supernodes and the edges. 
18 | 19 | So, in the first place, edges only need to connect to one supernode (called anchor supernode) using `-l` option. This supernode needs to be present at start-up. 20 | 21 | Optionally, more anchor supernodes of the same federation can be provided to an edge using several `-l` options. This will counter scenarios with reduced assured initial supernode availability. 22 | 23 | ## How It Works 24 | 25 | Supernodes should be able to communicate among each other as regular edges already do. For this purpose, a special community called federation was introduced. The federation feature provides some mechanisms to inter-connect the supernodes of the network enhancing backup, fail-over and load-sharing, without any visible behavioral change. 26 | 27 | The default name for the federation is `*Federation`. Internally, a mandatory special character is prepended to the name: that way, an edge won't be able to provide a regular community with the same name of the federation. Optionally, a user can choose a federation name (same on all supernodes) and provide it via `-F mySecretFed` option to the supernode. Alternatively, the federation name can be passed through the environment variable `N2N_FEDERATION`. 28 | 29 | Federated supernodes register to each other using REGISTER_SUPER message type. The answer, REGISTER_SUPER_ACK, contains a payload with information about other supernodes in the network. 30 | 31 | This specific mechanism is also used during the registration process taking place between edges and supernodes, so edges are able to learn about other supernodes. 32 | 33 | Once edges have received this information, it is up to them choosing the supernode they want to connect to. Each edge pings supernodes from time to time and receives information about them inside the answer. We decided to implement a work-load based selection strategy because it is more in line with the idea of keeping the workload low on supernodes. 
Moreover, this way, the entire network load is evenly distributed among all available supernodes. 34 | 35 | An edge connects to the supernode with the lowest work-load and it is re-considered from time to time, with each re-registration. We use a stickiness factor to avoid too much jumping between supernodes. 36 | 37 | Thanks to this feature, n2n is now able to handle security attacks such as DoS against supernodes and it can redistribute the entire load of the network in a fair manner between all the supernodes. 38 | 39 | To serve scenarios in which an edge is supposed to select the supernode by round trip time, i.e. choosing the "closest" one, the `--select-rtt` command line option is available at the edge. Note, that workload distribution among supernodes might not be so fair then. 40 | 41 | Furthermore, `--select-mac` would switch to a MAC address based selection strategy choosing the supernode active with the lowest MAC address. 42 | -------------------------------------------------------------------------------- /doc/Scratchpad.md: -------------------------------------------------------------------------------- 1 | # n2n's Scratchpad 2 | 3 | ## RPM Packaging 4 | 5 | ``` 6 | bash 7 | ./autogen.sh 8 | ./configure 9 | make 10 | 11 | cd packages/rpm 12 | ./configure 13 | rpmbuild -bb ./n2n.spec 14 | ``` 15 | 16 | 17 | ## Version Update 18 | 19 | - change `VERSION` file to new version, e.g. 
`4.0.1` 20 | - `git add VERSION` 21 | - `git commit -m "moved to version 4.0.1"` 22 | - `git tag -a 4.0.1 -m "moved to version 4.0.1"` 23 | - `git push --tags` 24 | 25 | 26 | ## Draft changelog between 3.0 and 3.2 (as of 2022) 27 | 28 | ### New Features 29 | 30 | - Enhanced management port JSON interface to let n2n interact with external tools 31 | - Added `n2n-route` tool (Linux only so far) 32 | - Introduced `n2n-portfwd` tool to support UPnP and PMP port forwarding 33 | - Furthered the build system 34 | 35 | ### Improvements 36 | 37 | - Fixed a federation related bug 38 | - Code clean-up 39 | 40 | 41 | 42 | 43 | -------------------------------------------------------------------------------- /doc/Scripts.md: -------------------------------------------------------------------------------- 1 | # Scripts 2 | 3 | There are a number of useful scripts included with the distribution. 4 | Some of these scripts are only useful during build and development, but 5 | other scripts are intended for end users to be able to use. These scripts 6 | may be installed with n2n as part of your operating system package. 7 | 8 | All scripts can be found in the `scripts` directory. 9 | 10 | Short descriptions of these scripts are below. 11 | 12 | ## End user scripts 13 | 14 | ### `n2n-ctl` 15 | 16 | This python script provides an easy command line interface to the running 17 | n2n processes. It uses UDP communications to talk to the Management API. 18 | By specifying the right UDP port, it can talk to both the edge and the 19 | supernode daemons. 20 | 21 | Example: 22 | - `scripts/n2n-ctl --help` 23 | - `scripts/n2n-ctl help` 24 | 25 | ### `n2n-httpd` 26 | 27 | This python script is a simple http gateway to the running edge. It provides 28 | a proxy for REST-like HTTP requests to talk to the Management API. 29 | 30 | By default it runs on port 8080. 
31 | 32 | It also provides a simple HTML page showing some edge information, which when 33 | run with default settings can be seen at http://localhost:8080/ (Also 34 | a http://localhost:8080/supernode.html page for the supernode) 35 | 36 | Example: 37 | - `scripts/n2n-httpd --help` 38 | - `scripts/n2n-httpd 8087` 39 | 40 | ## Build and Development scripts 41 | 42 | ### `hack_fakeautoconf.sh` 43 | 44 | This shell script is used during development to help build on Windows 45 | systems. An example of how to use it is shown in 46 | the [Building document](Building.md) 47 | 48 | ### `indent.sh` 49 | 50 | This shell script is a wrapper for the `uncrustify` C code style checker 51 | which checks or applies a set of rules to the code. It is used during 52 | the automated lint checks. 53 | 54 | ### `n2n-gateway.sh` 55 | 56 | A sample script to route all the host traffic towards a remote gateway, 57 | which is reachable via the n2n virtual interface. 58 | 59 | ### `version.sh` 60 | 61 | This script is used to determine the current version number during the 62 | build process. 63 | 64 | It looks at both the VERSION file and the GIT tags and outputs the 65 | version number to use. 66 | 67 | ## Monitoring and statistics 68 | 69 | ### `munin/n2n_` 70 | 71 | This is a simple monitoring script that can be used with the munin-node 72 | system to monitor the n2n daemons. 
73 | 74 | This is a fully autoconfigurable wildcard munin plugin, but to get a quick 75 | sample: 76 | 77 | get a list of suggested plugin names: 78 | ``` 79 | munin/n2n_ suggest 80 | ``` 81 | 82 | Enable some of those names: 83 | 84 | ``` 85 | ln -s /usr/share/munin/plugins/n2n_ /etc/munin/plugins/n2n_supernode_pkts 86 | ln -s /usr/share/munin/plugins/n2n_ /etc/munin/plugins/n2n_supernode_counts 87 | ``` 88 | 89 | Manually test fetching and config: 90 | 91 | ``` 92 | /etc/munin/plugins/n2n_supernode_pkts 93 | /etc/munin/plugins/n2n_supernode_pkts config 94 | ``` 95 | 96 | ## Testing scripts 97 | 98 | ### `test_harness.sh` 99 | 100 | This shell script is used to run automated tests during development. It is 101 | run with a testlist filename - pointing at a file containing the list of 102 | tests to run. 103 | 104 | Each test needs a file containing the expected output `${TESTNAME}.expected` 105 | which is expected to exist in the same directory as the testlist (this dir is 106 | referred to as `${listdir}` below). 107 | 108 | Each test is a program, searched for in several locations, including the 109 | `${listdir}/../scripts` dir. 110 | 111 | Each test is run with its output being sent to `*.out` files in the `listdir` 112 | and compared with the expected output. 113 | 114 | ### `scripts/test_integration_supernode.sh` 115 | 116 | This starts a supernode and runs an integration test on the Json API using 117 | the `n2n-ctl` command. 118 | -------------------------------------------------------------------------------- /doc/Tools.md: -------------------------------------------------------------------------------- 1 | # Tools 2 | 3 | There are a number of handy tools coming with n2n that extend function and 4 | user experience or just prove helpful during build and development. 5 | 6 | All tools can be found in the `tools` directory. 
7 | 8 | ## End User Tools 9 | 10 | ### `n2n-benchmark` 11 | 12 | This C tool has n2n's basic transforms (the ciphers, compression, hash) 13 | crunch a test packet and outputs the measured throughput. You might observe 14 | differences depending on compiler optimizations or enabled hardware support, 15 | see [build configuration](BuildConfig.md). 16 | 17 | Example: 18 | - `tools/n2n-benchmark` 19 | 20 | ### `n2n-route` 21 | 22 | This C tool sets new routes for all the traffic to be routed via a VPN gateway 23 | (another edge) and polls the management port of a local n2n edge for adding 24 | appropriate routes to supernodes and peers via the original default gateway. 25 | 26 | The tool can auto-detect the default gateway and also has options to only route 27 | traffic to some specified networks through the VPN gateway. 28 | 29 | Make sure to run with sufficient rights to let the tool add and delete routes. 30 | 31 | More general information can be found in the [routing document](Routing.md) 32 | including hints how to setup the remote edge (IP routing, masquerading). 33 | 34 | Example: 35 | - `tools/n2n-route ` 36 | - `tools/n2n-route -n 10.10.10.0/24 ` 37 | - `tools/n2n-route -n 8.8.8.8/32:192.168.0.5 ` 38 | 39 | ### `n2n-portfwd` 40 | 41 | This C tool uses UPnP and/or PMP to have a local router forward the edge port. 42 | The program polls a local edge's management port and takes appropriate action. 43 | 44 | Note that n2n needs to be compiled with the corresponding options enabled, e.g. 45 | 46 | ``` 47 | ./configure --enable-miniupnp --enable-natpmp 48 | ``` 49 | 50 | Also see [build configuration](BuildConfig.md). 51 | 52 | Example: 53 | - `tools/n2n-portfwd` 54 | 55 | 56 | ## Build and Development Tools 57 | 58 | ### `tests-*` 59 | 60 | These C programs run certain parts of n2n with pre-defined data and output 61 | the results. The expected results can be found in the `tests/` directory 62 | following the `tests-*.expected` naming scheme. 
63 | 64 | The `test_*` [scripts](Scripts.md) residing inside the `scripts/` directory 65 | compare test output and expected results to quickly show deviations, helpful 66 | when on bug hunt. 67 | 68 | Example: 69 | - `tools/tests-transforms` 70 | 71 | ### `n2n-decode` 72 | 73 | This C tool intends to decrypt captured n2n traffic when all keys are provided. 74 | Its development unfortunately did not follow main n2n's pace after version 2.8 75 | and thus is not up to date. 76 | 77 | Contributions to help lifting it to match version 3.x traffic are very welcome. 78 | -------------------------------------------------------------------------------- /doc/TrafficRestrictions.md: -------------------------------------------------------------------------------- 1 | # Traffic Restrictions 2 | 3 | It is possible to drop or accept specific packets transmitted over the edge network interface by rules. Rules can be specified by (`-R rule_str`) multiple times. 4 | 5 | ## Rule String Format 6 | 7 | rule_str format: `src_ip/len:[b_port,e_port],dst_ip/len:[s_port,e_port],TCP+/-,UDP+/-,ICMP+/-` 8 | 9 | `ip/len` indicates a CIDR block; `len` can be omitted, which means a single IP (not a CIDR block) will be used in the filter rule. 10 | 11 | `+`,`-` after the `TCP`,`UDP`,`ICMP` protocol type indicates whether to allow or drop packets of that protocol. If any of the above three protocols is missing, the rule will not take effect for that protocol. 12 | 13 | The port range `[s_port,e_port]` can be replaced by a single port number. If not specified, `[0,65535]` will be used. The port range includes start_port and end_port. 14 | 15 | examples: 16 | `192.168.1.5/32:[0,65535],192.168.0.0/24:[8081,65535],TCP-,UDP-,ICMP+` 17 | `192.168.1.5:[0,65535],192.168.0.0/24:8000,ICMP+` 18 | `192.168.1.5,192.168.0.7,TCP-,UDP-,ICMP-` // packets of all protocols and all ports from 192.168.1.5 to any port of 192.168.0.7 will be dropped. 
19 | 20 | ## Multiple Rules 21 | 22 | `-R rule_str` can be used multiple times to add multiple rules. Each `-R rule_str` adds one rule. 
For example: 23 | 24 | `edge -c xxxx -k xxxx -a 192.168.100.5 -l xxx.xxx.xxx.xxx:1234 -r -R 192.168.1.5/32:[0,65535],192.168.0.0/24:[8081,65535],TCP-,UDP-,ICMP+ -R 192.168.1.5:[0,65535],192.168.0.0/24:8000,ICMP+ -R 192.168.1.5,192.168.0.7,TCP-` 25 | 26 | ## Matching Rules Priority 27 | 28 | If multiple rules match a packet's IPs and ports, the rule with the smaller CIDR block (smaller address space) will be selected. That means rules with a larger `len` value have higher priority. 29 | 30 | Actually, the current implementation adds the `len` of the src CIDR and dst CIDR of each matched rule as its priority value; the rule with the largest priority value takes effect. 31 | 32 | ## Blocklist/Allowlist mode 33 | 34 | Packets that do not match any rule are accepted by default. Users can add rules to block traffic. 35 | 36 | This behavior can be changed by adding the rule: `0.0.0.0/0:[0,65535],0.0.0.0/0:[0,65535],TCP-,UDP-,ICMP-`. Then all traffic will be dropped, and users need to add rules to allow traffic. Because both `len` values of this catch-all rule are 0, it has the lowest priority value, so any more specific matching rule takes effect instead. 37 | 38 | For example, `-R 0.0.0.0/0,0.0.0.0/0,TCP-,UDP-,ICMP- -R 192.168.100.0/24,192.168.100.0/24,ICMP+` drops all traffic except ICMP traffic inside `192.168.100.0/24`. 39 | 40 | More complex behavior can be set with the feature of `Matching Rules Priority`. 41 | 42 | -------------------------------------------------------------------------------- /examples/Makefile: -------------------------------------------------------------------------------- 1 | # 2 | # These examples are intended to show how to use the libn2n as an embedded 3 | # service within other software. 
4 | # 5 | 6 | EXAMPLES+=example_edge_embed_quick_edge_init 7 | EXAMPLES+=example_edge_embed 8 | EXAMPLES+=example_sn_embed 9 | 10 | all: $(EXAMPLES) 11 | 12 | CFLAGS+=-I../include 13 | LDFLAGS+=-L../ 14 | 15 | example_edge_embed_quick_edge_init: ../libn2n.a 16 | example_sn_embed: ../libn2n.a 17 | example_edge_embed: ../libn2n.a 18 | 19 | clean: 20 | rm -f $(EXAMPLES) 21 | -------------------------------------------------------------------------------- /examples/example_edge_embed.c: -------------------------------------------------------------------------------- 1 | /** 2 | * (C) 2007-22 - ntop.org and contributors 3 | * 4 | * This program is free software; you can redistribute it and/or modify 5 | * it under the terms of the GNU General Public License as published by 6 | * the Free Software Foundation; either version 3 of the License, or 7 | * (at your option) any later version. 8 | * 9 | * This program is distributed in the hope that it will be useful, 10 | * but WITHOUT ANY WARRANTY; without even the implied warranty of 11 | * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the 12 | * GNU General Public License for more details. 
13 | * 14 | * You should have received a copy of the GNU General Public License 15 | * along with this program; if not see see 16 | * 17 | */ 18 | 19 | 20 | #include 21 | #include // for snprintf, NULL 22 | #include // for exit 23 | #include "n2n.h" // for n2n_edge_conf_t, edge_conf_add_supernode, edge_init 24 | 25 | 26 | static bool keep_running = true; 27 | 28 | int main() { 29 | 30 | n2n_edge_conf_t conf; 31 | tuntap_dev tuntap; 32 | n2n_edge_t *eee; 33 | int rc; 34 | 35 | edge_init_conf_defaults(&conf); 36 | conf.allow_p2p = 1; // Whether to allow peer-to-peer communication 37 | conf.allow_routing = 1; // Whether to allow the edge to route packets to other edges 38 | snprintf((char *)conf.community_name, sizeof(conf.community_name), "%s", "mycommunity"); // Community to connect to 39 | conf.disable_pmtu_discovery = 1; // Whether to disable the path MTU discovery 40 | conf.drop_multicast = 0; // Whether to disable multicast 41 | conf.tuntap_ip_mode = TUNTAP_IP_MODE_SN_ASSIGN; // How to set the IP address 42 | conf.encrypt_key = "mysecret"; // Secret to decrypt & encrypt with 43 | conf.local_port = 0; // What port to use (0 = any port) 44 | conf.mgmt_port = N2N_EDGE_MGMT_PORT; // Edge management port (5644 by default) 45 | conf.register_interval = 1; // Interval for both UDP NAT hole punching and supernode registration 46 | conf.register_ttl = 1; // Interval for UDP NAT hole punching through supernode 47 | edge_conf_add_supernode(&conf, "localhost:1234"); // Supernode to connect to 48 | conf.tos = 16; // Type of service for sent packets 49 | conf.transop_id = N2N_TRANSFORM_ID_TWOFISH; // Use the twofish encryption 50 | 51 | if(edge_verify_conf(&conf) != 0) { 52 | return -1; 53 | } 54 | 55 | if(tuntap_open(&tuntap, 56 | "edge0", // Name of the device to create 57 | "static", // IP mode; static|dhcp 58 | "10.0.0.1", // Set ip address 59 | "255.255.255.0", // Netmask to use 60 | "DE:AD:BE:EF:01:10", // Set mac address 61 | DEFAULT_MTU, // MTU to use 62 | 0 // Metric 
- unused in n2n on most OS 63 | ) < 0) 64 | { 65 | return -1; 66 | } 67 | 68 | eee = edge_init(&conf, &rc); 69 | if(eee == NULL) { 70 | exit(1); 71 | } 72 | 73 | eee->keep_running = &keep_running; 74 | rc = run_edge_loop(eee); 75 | 76 | edge_term(eee); 77 | tuntap_close(&tuntap); 78 | 79 | return rc; 80 | } 81 | -------------------------------------------------------------------------------- /examples/example_edge_embed_quick_edge_init.c: -------------------------------------------------------------------------------- 1 | /** 2 | * (C) 2007-22 - ntop.org and contributors 3 | * 4 | * This program is free software; you can redistribute it and/or modify 5 | * it under the terms of the GNU General Public License as published by 6 | * the Free Software Foundation; either version 3 of the License, or 7 | * (at your option) any later version. 8 | * 9 | * This program is distributed in the hope that it will be useful, 10 | * but WITHOUT ANY WARRANTY; without even the implied warranty of 11 | * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the 12 | * GNU General Public License for more details. 
13 | * 14 | * You should have received a copy of the GNU General Public License 15 | * along with this program; if not see see 16 | * 17 | */ 18 | 19 | 20 | #include 21 | #include "n2n.h" // for quick_edge_init, setTraceLevel 22 | #include "random_numbers.h" // for n2n_seed, n2n_srand 23 | 24 | 25 | /* 26 | This tool demonstrates how to easily embed 27 | n2n on an existing application 28 | */ 29 | 30 | int main (int argc, char* argv[]) { 31 | 32 | char *device_name = (char*)"n2n0"; 33 | char *network_name = (char*)"mynetwork"; 34 | char *secret_key = (char*)"mysecret"; 35 | char *my_mac_address = (char*)"DE:AD:BE:EF:01:10"; 36 | char *my_ipv4_addr = (char*)"1.2.3.4"; 37 | char *supernode = (char*)"7.8.9.10:1234"; 38 | bool keep_on_running = true; 39 | 40 | /* Increase tracelevel to see what's happening */ 41 | setTraceLevel(10); 42 | 43 | /* Random seed */ 44 | n2n_srand(n2n_seed()); 45 | 46 | /* 47 | NOTE 48 | 49 | As the function below won't end, you should 50 | call it inside a separate thread 51 | */ 52 | return(quick_edge_init(device_name, 53 | network_name, 54 | secret_key, 55 | my_mac_address, 56 | my_ipv4_addr, 57 | supernode, 58 | &keep_on_running)); 59 | } 60 | -------------------------------------------------------------------------------- /examples/example_sn_embed.c: -------------------------------------------------------------------------------- 1 | /** 2 | * (C) 2007-22 - ntop.org and contributors 3 | * 4 | * This program is free software; you can redistribute it and/or modify 5 | * it under the terms of the GNU General Public License as published by 6 | * the Free Software Foundation; either version 3 of the License, or 7 | * (at your option) any later version. 8 | * 9 | * This program is distributed in the hope that it will be useful, 10 | * but WITHOUT ANY WARRANTY; without even the implied warranty of 11 | * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the 12 | * GNU General Public License for more details. 
13 | * 14 | * You should have received a copy of the GNU General Public License 15 | * along with this program; if not see see 16 | * 17 | */ 18 | 19 | 20 | #include 21 | #include // for exit 22 | #include "n2n.h" // for n2n_sn_t, open_socket, run_sn_loop, sn_init 23 | 24 | #ifdef _WIN32 25 | #include 26 | #else 27 | #include // for INADDR_ANY, INADDR_LOOPBACK 28 | #endif 29 | 30 | 31 | static bool keep_running = true; 32 | 33 | int main () { 34 | 35 | n2n_sn_t sss_node; 36 | int rc; 37 | 38 | sn_init_defaults(&sss_node); 39 | sss_node.daemon = 0; // Whether to daemonize 40 | sss_node.lport = 1234; // Main UDP listen port 41 | 42 | sss_node.sock = open_socket(sss_node.lport, INADDR_ANY, 0 /* UDP */); 43 | if(-1 == sss_node.sock) { 44 | exit(-2); 45 | } 46 | 47 | sss_node.mgmt_sock = open_socket(5645, INADDR_LOOPBACK, 0 /* UDP */); // Main UDP management port 48 | if(-1 == sss_node.mgmt_sock) { 49 | exit(-2); 50 | } 51 | 52 | sn_init(&sss_node); 53 | 54 | sss_node.keep_running = &keep_running; 55 | rc = run_sn_loop(&sss_node); 56 | 57 | sn_term(&sss_node); 58 | 59 | return rc; 60 | } 61 | -------------------------------------------------------------------------------- /include/aes.h: -------------------------------------------------------------------------------- 1 | /** 2 | * (C) 2007-22 - ntop.org and contributors 3 | * 4 | * This program is free software; you can redistribute it and/or modify 5 | * it under the terms of the GNU General Public License as published by 6 | * the Free Software Foundation; either version 3 of the License, or 7 | * (at your option) any later version. 8 | * 9 | * This program is distributed in the hope that it will be useful, 10 | * but WITHOUT ANY WARRANTY; without even the implied warranty of 11 | * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the 12 | * GNU General Public License for more details. 
13 | * 14 | * You should have received a copy of the GNU General Public License 15 | * along with this program; if not see see 16 | * 17 | */ 18 | 19 | 20 | #ifndef AES_H 21 | #define AES_H 22 | 23 | 24 | #include 25 | #include 26 | 27 | #include "portable_endian.h" 28 | 29 | #define AES_BLOCK_SIZE 16 30 | #define AES_IV_SIZE (AES_BLOCK_SIZE) 31 | 32 | #define AES256_KEY_BYTES (256/8) 33 | #define AES192_KEY_BYTES (192/8) 34 | #define AES128_KEY_BYTES (128/8) 35 | 36 | 37 | #ifdef HAVE_LIBCRYPTO // openSSL 1.1 --------------------------------------------------------------------- 38 | 39 | #include 40 | #include 41 | #include 42 | 43 | typedef struct aes_context_t { 44 | EVP_CIPHER_CTX *enc_ctx; /* openssl's reusable evp_* en/de-cryption context */ 45 | EVP_CIPHER_CTX *dec_ctx; /* openssl's reusable evp_* en/de-cryption context */ 46 | const EVP_CIPHER *cipher; /* cipher to use: e.g. EVP_aes_128_cbc */ 47 | uint8_t key[AES256_KEY_BYTES]; /* the pure key data for payload encryption & decryption */ 48 | AES_KEY ecb_dec_key; /* one step ecb decryption key */ 49 | } aes_context_t; 50 | 51 | #elif defined (__AES__) && defined (__SSE2__) // Intel's AES-NI --------------------------------------------------- 52 | 53 | #include 54 | 55 | typedef struct aes_context_t { 56 | __m128i rk_enc[15]; 57 | __m128i rk_dec[15]; 58 | int Nr; 59 | } aes_context_t; 60 | 61 | #else // plain C -------------------------------------------------------------------------------------------------- 62 | 63 | typedef struct aes_context_t { 64 | uint32_t enc_rk[60]; // round keys for encryption 65 | uint32_t dec_rk[60]; // round keys for decryption 66 | int Nr; // number of rounds 67 | } aes_context_t; 68 | 69 | #endif // --------------------------------------------------------------------------------------------------------- 70 | 71 | 72 | int aes_cbc_encrypt (unsigned char *out, const unsigned char *in, size_t in_len, 73 | const unsigned char *iv, aes_context_t *ctx); 74 | 75 | int aes_cbc_decrypt 
(unsigned char *out, const unsigned char *in, size_t in_len, 76 | const unsigned char *iv, aes_context_t *ctx); 77 | 78 | int aes_ecb_decrypt (unsigned char *out, const unsigned char *in, aes_context_t *ctx); 79 | 80 | int aes_init (const unsigned char *key, size_t key_size, aes_context_t **ctx); 81 | 82 | int aes_deinit (aes_context_t *ctx); 83 | 84 | 85 | #endif // AES_H 86 | -------------------------------------------------------------------------------- /include/auth.h: -------------------------------------------------------------------------------- 1 | /* 2 | * (C) 2007-22 - ntop.org and contributors 3 | * 4 | * This program is free software; you can redistribute it and/or modify 5 | * it under the terms of the GNU General Public License as published by 6 | * the Free Software Foundation; either version 3 of the License, or 7 | * (at your option) any later version. 8 | * 9 | * This program is distributed in the hope that it will be useful, 10 | * but WITHOUT ANY WARRANTY; without even the implied warranty of 11 | * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the 12 | * GNU General Public License for more details. 13 | * 14 | * You should have received a copy of the GNU General Public License 15 | * along with this program; if not, see 16 | * 17 | */ 18 | 19 | 20 | #ifndef AUTH_H 21 | #define AUTH_H 22 | 23 | 24 | #include // for size_t 25 | #include // for uint8_t, uint32_t 26 | #include "n2n.h" // for n2n_private_public_key_t, n2n_community_t, N2N_A... 
27 | 28 | 29 | int bin_to_ascii (char *out, uint8_t *in, size_t in_len); 30 | 31 | int ascii_to_bin (uint8_t *out, char *in); 32 | 33 | int generate_private_key (n2n_private_public_key_t key, char *in); 34 | 35 | int generate_public_key (n2n_private_public_key_t pub, n2n_private_public_key_t prv); 36 | 37 | int generate_shared_secret (n2n_private_public_key_t shared, n2n_private_public_key_t prv, n2n_private_public_key_t pub); 38 | 39 | int bind_private_key_to_username (n2n_private_public_key_t prv, char *username); 40 | 41 | int calculate_dynamic_key (uint8_t out_key[N2N_AUTH_CHALLENGE_SIZE], 42 | uint32_t key_time, n2n_community_t comm, n2n_community_t fed); 43 | 44 | 45 | #endif 46 | -------------------------------------------------------------------------------- /include/cc20.h: -------------------------------------------------------------------------------- 1 | /** 2 | * (C) 2007-22 - ntop.org and contributors 3 | * 4 | * This program is free software; you can redistribute it and/or modify 5 | * it under the terms of the GNU General Public License as published by 6 | * the Free Software Foundation; either version 3 of the License, or 7 | * (at your option) any later version. 8 | * 9 | * This program is distributed in the hope that it will be useful, 10 | * but WITHOUT ANY WARRANTY; without even the implied warranty of 11 | * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the 12 | * GNU General Public License for more details. 
13 | * 14 | * You should have received a copy of the GNU General Public License 15 | * along with this program; if not see see 16 | * 17 | */ 18 | 19 | 20 | #ifndef CC20_H 21 | #define CC20_H 22 | 23 | 24 | #include // for size_t 25 | #include // for uint32_t, uint8_t 26 | #include "config.h" // HAVE_LIBCRYPTO 27 | 28 | 29 | #define CC20_IV_SIZE 16 30 | #define CC20_KEY_BYTES (256/8) 31 | 32 | 33 | #ifdef HAVE_LIBCRYPTO // openSSL 1.1 ---------------------------------------------------------------------------- 34 | 35 | 36 | #include 37 | #include 38 | 39 | typedef struct cc20_context_t { 40 | EVP_CIPHER_CTX *ctx; /* openssl's reusable evp_* en/de-cryption context */ 41 | const EVP_CIPHER *cipher; /* cipher to use: e.g. EVP_chacha20() */ 42 | uint8_t key[CC20_KEY_BYTES]; /* the pure key data for payload encryption & decryption */ 43 | } cc20_context_t; 44 | 45 | 46 | #elif defined (__SSE2__) // SSE2 --------------------------------------------------------------------------------- 47 | 48 | 49 | typedef struct cc20_context { 50 | uint32_t keystream32[16]; 51 | uint8_t key[CC20_KEY_BYTES]; 52 | } cc20_context_t; 53 | 54 | 55 | #else // plain C -------------------------------------------------------------------------------------------------- 56 | 57 | 58 | typedef struct cc20_context { 59 | uint32_t keystream32[16]; 60 | uint32_t state[16]; 61 | uint8_t key[CC20_KEY_BYTES]; 62 | } cc20_context_t; 63 | 64 | 65 | #endif // openSSL 1.1, plain C ------------------------------------------------------------------------------------ 66 | 67 | 68 | int cc20_crypt (unsigned char *out, const unsigned char *in, size_t in_len, 69 | const unsigned char *iv, cc20_context_t *ctx); 70 | 71 | int cc20_init (const unsigned char *key, cc20_context_t **ctx); 72 | 73 | int cc20_deinit (cc20_context_t *ctx); 74 | 75 | 76 | #endif // CC20_H 77 | -------------------------------------------------------------------------------- /include/curve25519.h: 
-------------------------------------------------------------------------------- 1 | /** 2 | * (C) 2007-22 - ntop.org and contributors 3 | * 4 | * This program is free software; you can redistribute it and/or modify 5 | * it under the terms of the GNU General Public License as published by 6 | * the Free Software Foundation; either version 3 of the License, or 7 | * (at your option) any later version. 8 | * 9 | * This program is distributed in the hope that it will be useful, 10 | * but WITHOUT ANY WARRANTY; without even the implied warranty of 11 | * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the 12 | * GNU General Public License for more details. 13 | * 14 | * You should have received a copy of the GNU General Public License 15 | * along with this program; if not see see 16 | * 17 | */ 18 | 19 | 20 | void curve25519 (unsigned char *q, const unsigned char *n, const unsigned char *p); 21 | -------------------------------------------------------------------------------- /include/header_encryption.h: -------------------------------------------------------------------------------- 1 | /** 2 | * (C) 2007-22 - ntop.org and contributors 3 | * 4 | * This program is free software; you can redistribute it and/or modify 5 | * it under the terms of the GNU General Public License as published by 6 | * the Free Software Foundation; either version 3 of the License, or 7 | * (at your option) any later version. 8 | * 9 | * This program is distributed in the hope that it will be useful, 10 | * but WITHOUT ANY WARRANTY; without even the implied warranty of 11 | * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the 12 | * GNU General Public License for more details. 
13 | * 14 | * You should have received a copy of the GNU General Public License 15 | * along with this program; if not see see 16 | * 17 | */ 18 | 19 | #include "n2n_typedefs.h" 20 | 21 | int packet_header_decrypt (uint8_t packet[], uint16_t packet_len, 22 | char *community_name, 23 | he_context_t *ctx, he_context_t *ctx_iv, 24 | uint64_t *stamp); 25 | 26 | int packet_header_encrypt (uint8_t packet[], uint16_t header_len, uint16_t packet_len, 27 | he_context_t *ctx, he_context_t *ctx_iv, 28 | uint64_t stamp); 29 | 30 | void packet_header_setup_key (const char *community_name, 31 | he_context_t **ctx_static, he_context_t **ctx_dynamic, 32 | he_context_t **ctx_iv_static, he_context_t **ctx_iv_dynamic); 33 | 34 | void packet_header_change_dynamic_key (uint8_t *key_dynamic, 35 | he_context_t **ctx_dynamic, 36 | he_context_t **ctx_iv_dynamic); 37 | -------------------------------------------------------------------------------- /include/hexdump.h: -------------------------------------------------------------------------------- 1 | #ifndef HEXDUMP_H 2 | #define HEXDUMP_H 3 | 4 | void fhexdump(unsigned int display_addr, void *in, int size, FILE *stream); 5 | 6 | #endif 7 | -------------------------------------------------------------------------------- /include/json.h: -------------------------------------------------------------------------------- 1 | /** 2 | * (C) 2007-22 - ntop.org and contributors 3 | * 4 | * This program is free software; you can redistribute it and/or modify 5 | * it under the terms of the GNU General Public License as published by 6 | * the Free Software Foundation; either version 3 of the License, or 7 | * (at your option) any later version. 8 | * 9 | * This program is distributed in the hope that it will be useful, 10 | * but WITHOUT ANY WARRANTY; without even the implied warranty of 11 | * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the 12 | * GNU General Public License for more details. 
13 | * 14 | * You should have received a copy of the GNU General Public License 15 | * along with this program; if not see see 16 | * 17 | */ 18 | 19 | 20 | // taken from (and modified) 21 | // https://github.com/Logan007/C-Simple-JSON-Parser 22 | // which is declared license-free code by the author according to 23 | // https://github.com/forkachild/C-Simple-JSON-Parser/issues/3#issuecomment-1073520808 24 | 25 | 26 | #ifndef JSON_H 27 | #define JSON_H 28 | 29 | 30 | #define json_str_is_whitespace(x) x == '\r' || x == '\n' || x == '\t' || x == ' ' 31 | #define json_str_is_numeral(x) (x >= '0' && x <= '9') || x == 'e' || x == 'E' \ 32 | || x == '.' || x == '+' || x == '-' 33 | #define json_str_remove_whitespace_calc_offset(x, y) while(json_str_is_whitespace(*x)) { x++; y++; } 34 | 35 | 36 | typedef enum { 37 | JSON_STRING = 0, 38 | JSON_DOUBLE, 39 | JSON_OBJECT 40 | } json_value_type; 41 | 42 | typedef struct _jsonobject { 43 | struct _jsonpair *pairs; 44 | int count; 45 | } json_object_t; 46 | 47 | typedef struct _jsonpair { 48 | char *key; 49 | union _jsonvalue *value; 50 | json_value_type type; 51 | } json_pair_t; 52 | 53 | typedef union _jsonvalue { 54 | char *string_value; 55 | double double_value; 56 | struct _jsonobject *json_object; 57 | } json_value_t; 58 | 59 | 60 | json_object_t *json_parse (char *str); 61 | void json_free (json_object_t *obj); 62 | 63 | 64 | #endif 65 | -------------------------------------------------------------------------------- /include/minilzo.h: -------------------------------------------------------------------------------- 1 | /** 2 | * (C) 2007-22 - ntop.org and contributors 3 | * 4 | * This program is free software; you can redistribute it and/or modify 5 | * it under the terms of the GNU General Public License as published by 6 | * the Free Software Foundation; either version 3 of the License, or 7 | * (at your option) any later version. 
8 | * 9 | * This program is distributed in the hope that it will be useful, 10 | * but WITHOUT ANY WARRANTY; without even the implied warranty of 11 | * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the 12 | * GNU General Public License for more details. 13 | * 14 | * You should have received a copy of the GNU General Public License 15 | * along with this program; if not see see 16 | * 17 | */ 18 | 19 | 20 | /* minilzo.h -- mini subset of the LZO real-time data compression library 21 | 22 | This file is part of the LZO real-time data compression library. 23 | 24 | Copyright (C) 1996-2017 Markus Franz Xaver Johannes Oberhumer 25 | All Rights Reserved. 26 | 27 | The LZO library is free software; you can redistribute it and/or 28 | modify it under the terms of the GNU General Public License as 29 | published by the Free Software Foundation; either version 2 of 30 | the License, or (at your option) any later version. 31 | 32 | The LZO library is distributed in the hope that it will be useful, 33 | but WITHOUT ANY WARRANTY; without even the implied warranty of 34 | MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the 35 | GNU General Public License for more details. 36 | 37 | You should have received a copy of the GNU General Public License 38 | along with the LZO library; see the file COPYING. 39 | If not, write to the Free Software Foundation, Inc., 40 | 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA. 41 | 42 | Markus F.X.J. 
Oberhumer 43 | 44 | http://www.oberhumer.com/opensource/lzo/ 45 | */ 46 | 47 | /* 48 | * NOTE: 49 | * the full LZO package can be found at 50 | * http://www.oberhumer.com/opensource/lzo/ 51 | */ 52 | 53 | 54 | #ifndef __MINILZO_H_INCLUDED 55 | #define __MINILZO_H_INCLUDED 1 56 | 57 | #define MINILZO_VERSION 0x20a0 /* 2.10 */ 58 | 59 | #if defined(__LZOCONF_H_INCLUDED) 60 | # error "you cannot use both LZO and miniLZO" 61 | #endif 62 | 63 | /* internal Autoconf configuration file - only used when building miniLZO */ 64 | #ifdef MINILZO_HAVE_CONFIG_H 65 | # include 66 | #endif 67 | #include 68 | #include 69 | 70 | #ifndef __LZODEFS_H_INCLUDED 71 | #include "lzodefs.h" 72 | #endif 73 | #undef LZO_HAVE_CONFIG_H 74 | #include "lzoconf.h" 75 | 76 | #if !defined(LZO_VERSION) || (LZO_VERSION != MINILZO_VERSION) 77 | # error "version mismatch in header files" 78 | #endif 79 | 80 | 81 | #ifdef __cplusplus 82 | extern "C" { 83 | #endif 84 | 85 | 86 | /*********************************************************************** 87 | // 88 | ************************************************************************/ 89 | 90 | /* Memory required for the wrkmem parameter. 91 | * When the required size is 0, you can also pass a NULL pointer. 
92 | */ 93 | 94 | #define LZO1X_MEM_COMPRESS LZO1X_1_MEM_COMPRESS 95 | #define LZO1X_1_MEM_COMPRESS ((lzo_uint32_t) (16384L * lzo_sizeof_dict_t)) 96 | #define LZO1X_MEM_DECOMPRESS (0) 97 | 98 | 99 | /* compression */ 100 | LZO_EXTERN(int) 101 | lzo1x_1_compress ( const lzo_bytep src, lzo_uint src_len, 102 | lzo_bytep dst, lzo_uintp dst_len, 103 | lzo_voidp wrkmem ); 104 | 105 | /* decompression */ 106 | LZO_EXTERN(int) 107 | lzo1x_decompress ( const lzo_bytep src, lzo_uint src_len, 108 | lzo_bytep dst, lzo_uintp dst_len, 109 | lzo_voidp wrkmem /* NOT USED */ ); 110 | 111 | /* safe decompression with overrun testing */ 112 | LZO_EXTERN(int) 113 | lzo1x_decompress_safe ( const lzo_bytep src, lzo_uint src_len, 114 | lzo_bytep dst, lzo_uintp dst_len, 115 | lzo_voidp wrkmem /* NOT USED */ ); 116 | 117 | 118 | #ifdef __cplusplus 119 | } /* extern "C" */ 120 | #endif 121 | 122 | #endif /* already included */ 123 | 124 | 125 | /* vim:set ts=4 sw=4 et: */ 126 | -------------------------------------------------------------------------------- /include/n2n_port_mapping.h: -------------------------------------------------------------------------------- 1 | /** 2 | * (C) 2007-22 - ntop.org and contributors 3 | * 4 | * This program is free software; you can redistribute it and/or modify 5 | * it under the terms of the GNU General Public License as published by 6 | * the Free Software Foundation; either version 3 of the License, or 7 | * (at your option) any later version. 8 | * 9 | * This program is distributed in the hope that it will be useful, 10 | * but WITHOUT ANY WARRANTY; without even the implied warranty of 11 | * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the 12 | * GNU General Public License for more details. 
13 | * 14 | * You should have received a copy of the GNU General Public License 15 | * along with this program; if not see see 16 | * 17 | */ 18 | 19 | 20 | #ifndef _N2N_PORT_MAPPING_H_ 21 | #define _N2N_PORT_MAPPING_H_ 22 | 23 | 24 | #include 25 | 26 | #ifdef HAVE_MINIUPNP 27 | #include 28 | #include 29 | #include 30 | #endif // HAVE_MINIUPNP 31 | 32 | 33 | #ifdef HAVE_NATPMP 34 | #include "natpmp.h" 35 | #endif // HAVE_NATPMP 36 | 37 | 38 | void n2n_set_port_mapping (const uint16_t port); 39 | void n2n_del_port_mapping (const uint16_t port); 40 | 41 | 42 | #endif // _N2N_PORT_MAPPING_H_ 43 | -------------------------------------------------------------------------------- /include/n2n_regex.h: -------------------------------------------------------------------------------- 1 | /** 2 | * (C) 2007-22 - ntop.org and contributors 3 | * 4 | * This program is free software; you can redistribute it and/or modify 5 | * it under the terms of the GNU General Public License as published by 6 | * the Free Software Foundation; either version 3 of the License, or 7 | * (at your option) any later version. 8 | * 9 | * This program is distributed in the hope that it will be useful, 10 | * but WITHOUT ANY WARRANTY; without even the implied warranty of 11 | * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the 12 | * GNU General Public License for more details. 13 | * 14 | * You should have received a copy of the GNU General Public License 15 | * along with this program; if not see see 16 | * 17 | */ 18 | 19 | // taken from https://github.com/kokke/tiny-regex-c 20 | // under Unlicense as of August 4, 2020 21 | 22 | /* 23 | * 24 | * Mini regex-module inspired by Rob Pike's regex code described in: 25 | * 26 | * http://www.cs.princeton.edu/courses/archive/spr09/cos333/beautiful.html 27 | * 28 | * 29 | * 30 | * Supports: 31 | * --------- 32 | * '.' 
Dot, matches any character 33 | * '^' Start anchor, matches beginning of string 34 | * '$' End anchor, matches end of string 35 | * '*' Asterisk, match zero or more (greedy) 36 | * '+' Plus, match one or more (greedy) 37 | * '?' Question, match zero or one (non-greedy) 38 | * '[abc]' Character class, match if one of {'a', 'b', 'c'} 39 | * '[^abc]' Inverted class, match if NOT one of {'a', 'b', 'c'} -- NOTE: feature is currently broken! 40 | * '[a-zA-Z]' Character ranges, the character set of the ranges { a-z | A-Z } 41 | * '\s' Whitespace, \t \f \r \n \v and spaces 42 | * '\S' Non-whitespace 43 | * '\w' Alphanumeric, [a-zA-Z0-9_] 44 | * '\W' Non-alphanumeric 45 | * '\d' Digits, [0-9] 46 | * '\D' Non-digits 47 | * 48 | * 49 | */ 50 | 51 | #ifndef _N2N_REGEX_ 52 | #define _N2N_REGEX_ 53 | 54 | #ifdef __cplusplus 55 | extern "C" { 56 | #endif 57 | 58 | #include 59 | 60 | /* Compile regex string pattern to a regex_t-array. */ 61 | re_t re_compile (const char* pattern); 62 | 63 | 64 | /* Find matches of the compiled pattern inside text. */ 65 | int re_matchp (re_t pattern, const char* text, int* matchlenght); 66 | 67 | 68 | /* Find matches of the txt pattern inside text (will compile automatically first). */ 69 | int re_match (const char* pattern, const char* text, int* matchlenght); 70 | 71 | 72 | #ifdef __cplusplus 73 | } 74 | #endif 75 | 76 | #endif 77 | -------------------------------------------------------------------------------- /include/network_traffic_filter.h: -------------------------------------------------------------------------------- 1 | /** 2 | * (C) 2007-22 - ntop.org and contributors 3 | * 4 | * This program is free software; you can redistribute it and/or modify 5 | * it under the terms of the GNU General Public License as published by 6 | * the Free Software Foundation; either version 3 of the License, or 7 | * (at your option) any later version. 
8 | * 9 | * This program is distributed in the hope that it will be useful, 10 | * but WITHOUT ANY WARRANTY; without even the implied warranty of 11 | * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the 12 | * GNU General Public License for more details. 13 | * 14 | * You should have received a copy of the GNU General Public License 15 | * along with this program; if not see see 16 | * 17 | */ 18 | 19 | // 20 | // Zhou Bin 21 | // 22 | 23 | #ifndef N2N_NETWORK_TRAFFIC_FILTER_H 24 | #define N2N_NETWORK_TRAFFIC_FILTER_H 25 | 26 | #include "n2n_typedefs.h" 27 | 28 | network_traffic_filter_t* create_network_traffic_filter (); 29 | 30 | void destroy_network_traffic_filter (network_traffic_filter_t* filter); 31 | 32 | void network_traffic_filter_add_rule (network_traffic_filter_t* filter, filter_rule_t* rules); 33 | 34 | //rule_str format: src_ip/len:[b_port,e_port],dst_ip/len:[s_port,e_port],TCP+/-,UDP+/-,ICMP+/- 35 | uint8_t process_traffic_filter_rule_str (const char* rule_str, filter_rule_t* rule_struct); 36 | 37 | #endif //N2N_NETWORK_TRAFFIC_FILTER_H 38 | -------------------------------------------------------------------------------- /include/pearson.h: -------------------------------------------------------------------------------- 1 | /** 2 | * (C) 2007-22 - ntop.org and contributors 3 | * 4 | * This program is free software; you can redistribute it and/or modify 5 | * it under the terms of the GNU General Public License as published by 6 | * the Free Software Foundation; either version 3 of the License, or 7 | * (at your option) any later version. 8 | * 9 | * This program is distributed in the hope that it will be useful, 10 | * but WITHOUT ANY WARRANTY; without even the implied warranty of 11 | * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the 12 | * GNU General Public License for more details. 
13 | * 14 | * You should have received a copy of the GNU General Public License 15 | * along with this program; if not see see 16 | * 17 | */ 18 | 19 | 20 | #include // for size_t 21 | #include // for uint8_t, uint16_t, uint32_t, uint64_t 22 | 23 | 24 | void pearson_hash_256 (uint8_t *out, const uint8_t *in, size_t len); 25 | 26 | void pearson_hash_128 (uint8_t *out, const uint8_t *in, size_t len); 27 | 28 | uint64_t pearson_hash_64 (const uint8_t *in, size_t len); 29 | 30 | uint32_t pearson_hash_32 (const uint8_t *in, size_t len); 31 | 32 | uint16_t pearson_hash_16 (const uint8_t *in, size_t len); 33 | 34 | void pearson_hash_init (); 35 | -------------------------------------------------------------------------------- /include/random_numbers.h: -------------------------------------------------------------------------------- 1 | /** 2 | * (C) 2007-22 - ntop.org and contributors 3 | * 4 | * This program is free software; you can redistribute it and/or modify 5 | * it under the terms of the GNU General Public License as published by 6 | * the Free Software Foundation; either version 3 of the License, or 7 | * (at your option) any later version. 8 | * 9 | * This program is distributed in the hope that it will be useful, 10 | * but WITHOUT ANY WARRANTY; without even the implied warranty of 11 | * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the 12 | * GNU General Public License for more details. 
13 | * 14 | * You should have received a copy of the GNU General Public License 15 | * along with this program; if not see see 16 | * 17 | */ 18 | 19 | 20 | #ifndef RND_H 21 | #define RND_H 22 | 23 | 24 | #include // for uint64_t, uint32_t 25 | 26 | 27 | // syscall and inquiring random number from hardware generators might fail, so we will retry 28 | #define RND_RETRIES 1000 29 | 30 | #if defined (__linux__) 31 | #include // for SYS_getrandom 32 | #ifdef SYS_getrandom 33 | #define GRND_NONBLOCK 1 34 | #endif 35 | #endif 36 | 37 | #if defined (__RDRND__) || defined (__RDSEED__) 38 | #include /* _rdrand64_step, rdseed4_step */ 39 | #endif 40 | 41 | #ifdef _WIN32 42 | #include // HCTYPTPROV, Crypt*-functions 43 | #endif 44 | 45 | 46 | typedef struct rn_generator_state_t { 47 | uint64_t a, b; 48 | } rn_generator_state_t; 49 | 50 | typedef struct splitmix64_state_t { 51 | uint64_t s; 52 | } splitmix64_state_t; 53 | 54 | 55 | int n2n_srand (uint64_t seed); 56 | 57 | uint64_t n2n_rand (void); 58 | 59 | uint64_t n2n_seed (void); 60 | 61 | uint32_t n2n_rand_sqr (uint32_t max_n); 62 | 63 | 64 | #endif // RND_H 65 | -------------------------------------------------------------------------------- /include/sn_selection.h: -------------------------------------------------------------------------------- 1 | /** 2 | * (C) 2007-22 - ntop.org and contributors 3 | * 4 | * This program is free software; you can redistribute it and/or modify 5 | * it under the terms of the GNU General Public License as published by 6 | * the Free Software Foundation; either version 3 of the License, or 7 | * (at your option) any later version. 8 | * 9 | * This program is distributed in the hope that it will be useful, 10 | * but WITHOUT ANY WARRANTY; without even the implied warranty of 11 | * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the 12 | * GNU General Public License for more details. 
13 | * 14 | * You should have received a copy of the GNU General Public License 15 | * along with this program; if not see see 16 | * 17 | */ 18 | 19 | #ifndef _SN_SELECTION_ 20 | #define _SN_SELECTION_ 21 | 22 | typedef char selection_criterion_str_t[SN_SELECTION_CRITERION_BUF_SIZE]; 23 | 24 | #include "n2n.h" 25 | 26 | /* selection criterion's functions */ 27 | int sn_selection_criterion_init (peer_info_t *peer); 28 | int sn_selection_criterion_default (SN_SELECTION_CRITERION_DATA_TYPE *selection_criterion); 29 | int sn_selection_criterion_bad (SN_SELECTION_CRITERION_DATA_TYPE *selection_criterion); 30 | int sn_selection_criterion_good (SN_SELECTION_CRITERION_DATA_TYPE *selection_criterion); 31 | int sn_selection_criterion_calculate (n2n_edge_t *eee, peer_info_t *peer, SN_SELECTION_CRITERION_DATA_TYPE *data); 32 | 33 | /* common data's functions */ 34 | int sn_selection_criterion_common_data_default (n2n_edge_t *eee); 35 | 36 | /* sorting function */ 37 | int sn_selection_sort (peer_info_t **peer_list); 38 | 39 | /* gathering data function */ 40 | SN_SELECTION_CRITERION_DATA_TYPE sn_selection_criterion_gather_data (n2n_sn_t *sss); 41 | 42 | /* management port output function */ 43 | extern char * sn_selection_criterion_str (n2n_edge_t *eee, selection_criterion_str_t out, peer_info_t *peer); 44 | 45 | 46 | #endif /* _SN_SELECTION_ */ 47 | -------------------------------------------------------------------------------- /include/speck.h: -------------------------------------------------------------------------------- 1 | /** 2 | * (C) 2007-22 - ntop.org and contributors 3 | * 4 | * This program is free software; you can redistribute it and/or modify 5 | * it under the terms of the GNU General Public License as published by 6 | * the Free Software Foundation; either version 3 of the License, or 7 | * (at your option) any later version. 
8 | * 9 | * This program is distributed in the hope that it will be useful, 10 | * but WITHOUT ANY WARRANTY; without even the implied warranty of 11 | * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the 12 | * GNU General Public License for more details. 13 | * 14 | * You should have received a copy of the GNU General Public License 15 | * along with this program; if not see see 16 | * 17 | */ 18 | 19 | 20 | // cipher SPECK -- 128 bit block size -- 128 and 256 bit key size -- CTR mode 21 | // taken from (and modified: removed pure crypto-stream generation and seperated key expansion) 22 | // https://github.com/nsacyber/simon-speck-supercop/blob/master/crypto_stream/speck128256ctr/ 23 | 24 | 25 | #ifndef SPECK_H 26 | #define SPECK_H 27 | 28 | 29 | #include // for uint64_t, uint32_t 30 | 31 | 32 | #define u32 uint32_t 33 | #define u64 uint64_t 34 | 35 | #define N2N_SPECK_IVEC_SIZE 16 36 | #define SPECK_KEY_BYTES (256/8) 37 | 38 | 39 | #if defined (__AVX512F__) // AVX512 support ----------------------------------------------------------------------- 40 | 41 | 42 | #include 43 | #include /* memcpy() */ 44 | 45 | #define u512 __m512i 46 | 47 | #define SPECK_ALIGNED_CTX 64 48 | 49 | typedef struct { 50 | u512 rk[34]; 51 | u64 key[34]; 52 | u32 keysize; 53 | } speck_context_t; 54 | 55 | 56 | #elif defined (__AVX2__) // AVX2 support -------------------------------------------------------------------------- 57 | 58 | 59 | #include 60 | 61 | #define u256 __m256i 62 | 63 | #define SPECK_ALIGNED_CTX 32 64 | 65 | typedef struct { 66 | u256 rk[34]; 67 | u64 key[34]; 68 | u32 keysize; 69 | } speck_context_t; 70 | 71 | 72 | #elif defined (__SSE2__) // SSE support --------------------------------------------------------------------------- 73 | 74 | 75 | #include 76 | 77 | #define u128 __m128i 78 | 79 | #define SPECK_ALIGNED_CTX 16 80 | #define SPECK_CTX_BYVAL 1 81 | 82 | typedef struct { 83 | u128 rk[34]; 84 | u64 key[34]; 85 | u32 keysize; 86 | } speck_context_t; 87 | 
88 | 89 | #elif defined (__ARM_NEON) && defined (SPECK_ARM_NEON) // NEON support --------------------------------------- 90 | 91 | 92 | #include 93 | 94 | #define u128 uint64x2_t 95 | 96 | typedef struct { 97 | u128 rk[34]; 98 | u64 key[34]; 99 | u32 keysize; 100 | } speck_context_t; 101 | 102 | 103 | #else // plain C -------------------------------------------------------------------------------------------------- 104 | 105 | 106 | typedef struct { 107 | u64 key[34]; 108 | u32 keysize; 109 | } speck_context_t; 110 | 111 | 112 | #endif // --------------------------------------------------------------------------------------------------------- 113 | 114 | 115 | int speck_ctr (unsigned char *out, const unsigned char *in, unsigned long long inlen, 116 | const unsigned char *n, 117 | speck_context_t *ctx); 118 | 119 | int speck_init (speck_context_t **ctx, const unsigned char *k, int keysize); 120 | 121 | int speck_deinit (speck_context_t *ctx); 122 | 123 | 124 | // ---------------------------------------------------------------------------------------------------------------- 125 | // ---------------------------------------------------------------------------------------------------------------- 126 | 127 | 128 | // cipher SPECK -- 128 bit block size -- 128 bit key size -- ECB mode 129 | // follows endianess rules as used in official implementation guide and NOT as in original 2013 cipher presentation 130 | // used for IV in header encryption (one block) and challenge encryption (user/password) 131 | // for now: just plain C -- probably no need for AVX, SSE, NEON 132 | 133 | 134 | int speck_128_decrypt (unsigned char *inout, speck_context_t *ctx); 135 | 136 | int speck_128_encrypt (unsigned char *inout, speck_context_t *ctx); 137 | 138 | 139 | #endif // SPECK_H 140 | -------------------------------------------------------------------------------- /include/tf.h: -------------------------------------------------------------------------------- 1 | /** 2 | * (C) 2007-22 - 
ntop.org and contributors 3 | * 4 | * This program is free software; you can redistribute it and/or modify 5 | * it under the terms of the GNU General Public License as published by 6 | * the Free Software Foundation; either version 3 of the License, or 7 | * (at your option) any later version. 8 | * 9 | * This program is distributed in the hope that it will be useful, 10 | * but WITHOUT ANY WARRANTY; without even the implied warranty of 11 | * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the 12 | * GNU General Public License for more details. 13 | * 14 | * You should have received a copy of the GNU General Public License 15 | * along with this program; if not see see 16 | * 17 | */ 18 | 19 | 20 | // taken (and modified) from github/fudanchii/twofish as of August 2020 21 | // which itself is a modified copy of Andrew T. Csillag's implementation 22 | // published on github/drewcsillag/twofish 23 | 24 | 25 | /** 26 | * The MIT License (MIT) 27 | * 28 | * Copyright (c) 2015 Andrew T. Csillag 29 | * 30 | * Permission is hereby granted, free of charge, to any person obtaining a copy 31 | * of this software and associated documentation files (the "Software"), to deal 32 | * in the Software without restriction, including without limitation the rights 33 | * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell 34 | * copies of the Software, and to permit persons to whom the Software is 35 | * furnished to do so, subject to the following conditions: 36 | * 37 | * The above copyright notice and this permission notice shall be included in 38 | * all copies or substantial portions of the Software. 39 | * 40 | * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR 41 | * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, 42 | * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. 
IN NO EVENT SHALL THE 43 | * AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER 44 | * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, 45 | * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN 46 | * THE SOFTWARE. 47 | */ 48 | 49 | 50 | #ifndef TF_H 51 | #define TF_H 52 | 53 | 54 | #include // for uint32_t 55 | #include // for size_t 56 | 57 | 58 | #define TF_BLOCK_SIZE 16 59 | #define TF_IV_SIZE (TF_BLOCK_SIZE) 60 | 61 | 62 | typedef struct tf_context_t { 63 | int N; 64 | uint32_t K[40]; 65 | uint32_t QF[4][256]; 66 | } tf_context_t; 67 | 68 | 69 | int tf_ecb_decrypt (unsigned char *out, const unsigned char *in, tf_context_t *ctx); 70 | 71 | int tf_ecb_encrypt (unsigned char *out, const unsigned char *in, tf_context_t *ctx); 72 | 73 | int tf_cbc_encrypt (unsigned char *out, const unsigned char *in, size_t in_len, 74 | const unsigned char *iv, tf_context_t *ctx); 75 | 76 | int tf_cbc_decrypt (unsigned char *out, const unsigned char *in, size_t in_len, 77 | const unsigned char *iv, tf_context_t *ctx); 78 | 79 | int tf_init (const unsigned char *key, size_t key_size, tf_context_t **ctx); 80 | 81 | int tf_deinit (tf_context_t *ctx); 82 | 83 | 84 | #endif // TF_H 85 | -------------------------------------------------------------------------------- /legacy/README.md: -------------------------------------------------------------------------------- 1 | # Removed Features 2 | 3 | This folder contains a list of N2N legacy features which have been dropped due to 4 | maintenance cost versus effective use and benefits. 5 | 6 | Multiple Transops 7 | ----------------- 8 | 9 | N2N used to initialize all the available transops and use the "tick" function of 10 | the transops to decide which transop to use before sending a packet. This however 11 | has the following problems: 12 | 13 | - It only works with the keyfile, whereas with normal encryption we initialize and 14 | keep structures that we don't need.
15 | - It is unfeasible as an edge node is required to implement all the transops in order 16 | to properly talk with other edge nodes (via keyfile). 17 | - It raises the complexity of the code. 18 | - It is not clear which transop will be used. 19 | - Mixing multiple encryptions together is not necessarily a good idea to improve security 20 | as a vulnerability in at least one encryption method will leak some information. 21 | 22 | Keyfile and Key Rotation 23 | ------------------------ 24 | 25 | The keyfile mechanism allowed N2N users to specify a keyfile to be used to periodically 26 | rotate keys and encryption methods. However, it has the following problems: 27 | 28 | - This feature is obscure for most of the users and poorly documented. 29 | - It is tightly integrated in the core whereas it is used by only a few people (if any). 30 | 31 | In conclusion the main problem is the complexity that it adds to the code. In a possible 32 | future rework this could be integrated as an extension (e.g. a specific transop) without 33 | raising the core complexity. 34 | -------------------------------------------------------------------------------- /legacy/edge_keyschedule.c: -------------------------------------------------------------------------------- 1 | typedef struct n2n_tostat { 2 | uint8_t can_tx; /* Does this transop have a valid SA for encoding. */ 3 | n2n_cipherspec_t tx_spec; /* If can_tx, the spec used to encode. */ 4 | } n2n_tostat_t; 5 | 6 | typedef uint32_t n2n_sa_t; /* security association number */ 7 | typedef int (*n2n_transaddspec_f)( struct n2n_trans_op * arg, 8 | const n2n_cipherspec_t * cspec ); 9 | 10 | typedef n2n_tostat_t (*n2n_transtick_f)( struct n2n_trans_op * arg, 11 | time_t now ); 12 | 13 | /** Read in a key-schedule file, parse the lines and pass each line to the 14 | * appropriate trans_op for parsing of key-data and adding key-schedule 15 | * entries. 
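The lookup table of time->trans_op is constructed such that 16 | * encoding can be passed to the correct trans_op. The trans_op internal table 17 | * will then determine the best SA for that trans_op from the key schedule to 18 | * use for encoding. */ 19 |
/* Load the key schedule named in eee->conf.keyschedule and hand every parsed
 * cipherspec to the edge's single transop through its addspec callback.
 *
 * Returns 0 when at least one spec was read and every spec was accepted.
 * Returns non-zero when the file yields no specs, when a spec names a
 * transform other than eee->transop.transform_id, when the transop has no
 * addspec callback, or when addspec rejects a spec (its return value is
 * passed through).
 *
 * Two defects of the earlier version are fixed here:
 *  - the success message printed getopt's global `optarg`, which is unrelated
 *    to this call and may be NULL; it now prints the configured path;
 *  - a spec for a different transform was only logged: the error code was
 *    overwritten by the following addspec call, so the spec was installed
 *    anyway. Such a schedule is now rejected.
 */
static int edge_init_keyschedule(n2n_edge_t *eee) {
#define N2N_NUM_CIPHERSPECS 32

    int retval = -1;
    ssize_t numSpecs = 0;
    /* NOTE(review): specs holds raw key matter read from the keyfile and is
     * left on the stack when this function returns -- consider wiping it. */
    n2n_cipherspec_t specs[N2N_NUM_CIPHERSPECS];
    size_t i;
    time_t now = time(NULL);

    numSpecs = n2n_read_keyfile(specs, N2N_NUM_CIPHERSPECS, eee->conf.keyschedule);

    if(numSpecs <= 0) {
        traceEvent(TRACE_ERROR, "Failed to process '%s'", eee->conf.keyschedule);
        return retval;
    }

    traceEvent(TRACE_NORMAL, "keyfile = %s read -> %d specs.\n",
               eee->conf.keyschedule, (signed int)numSpecs);

    for(i = 0; i < (size_t)numSpecs; ++i) {
        n2n_transform_t idx = (n2n_transform_t) specs[i].t;

        /* Only the transform the edge was started with is accepted; stop
         * before the foreign spec can reach addspec. */
        if(idx != eee->transop.transform_id) {
            traceEvent(TRACE_ERROR, "changing transop in keyschedule is not supported");
            return -1;
        }

        /* Without an addspec callback retval keeps its previous value, so the
         * first spec fails with the initial -1. */
        if(eee->transop.addspec != NULL)
            retval = eee->transop.addspec(&eee->transop, &(specs[i]));

        if(0 != retval) {
            traceEvent(TRACE_ERROR, "keyschedule failed to add spec[%u] to transop[%d].\n",
                       (unsigned int)i, idx);

            return retval;
        }
    }

    /* Let the transop select its active SA for the current time. */
    n2n_tick_transop(eee, now);

    return retval;
}
62 | 63 | #if 0 64 | if(recvlen >= 6) 65 | { 66 | if(0 == memcmp(udp_buf, "reload", 6)) 67 | { 68 | if(strlen(eee->conf.keyschedule) > 0) 69 | { 70 | if(edge_init_keyschedule(eee) == 0) 71 | { 72 | msg_len=0; 73 | msg_len += snprintf((char *)(udp_buf+msg_len), (N2N_PKT_BUF_SIZE-msg_len), 74 | "> OK\n"); 75 | sendto(eee->udp_mgmt_sock, udp_buf, msg_len, 0/*flags*/, 76 | (struct sockaddr *)&sender_sock, sizeof(struct sockaddr_in)); 77 | } 78 | return; 79 | } 80 | } 81 | } 82 | #endif 83 | 84 | #if 0 85 | case'K': 86 | { 87 | if(conf->encrypt_key) { 88 |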
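traceEvent(TRACE_ERROR, "Error: -K and -k options are mutually exclusive"); 89 | exit(1); 90 | } else { 91 | strncpy(conf->keyschedule, optargument, N2N_PATHNAME_MAXLEN-1); 92 | /* strncpy does not add NULL if the source has no NULL. */ 93 | conf->keyschedule[N2N_PATHNAME_MAXLEN-1] = 0; 94 | 95 | traceEvent(TRACE_NORMAL, "keyfile = '%s'\n", conf->keyschedule); 96 | } 97 | break; 98 | } 99 | #endif 100 | 101 | #if 0 102 | printf("-K | Specify a key schedule file to load. Not with -k.\n"); 103 | #endif 104 | -------------------------------------------------------------------------------- /legacy/gen_keyfile.py: --------------------------------------------------------------------------------
#!/usr/bin/env python

# (c) 2009 Richard Andrews

# Program to generate a n2n_edge key schedule file for twofish keys.
# Each key line written to stdout consists of the following elements:
#
#   <from_time> <until_time> <transform_id> <sa_idx>_<key>
#
# where from_time and until_time are UNIX time_t values of the key's valid
# period, transform_id is the transform ID (=2 for twofish; this script picks
# 2 or 3 per line), sa_idx is a running SA number and key is KEY_LEN random
# bytes written as hex.
#
# The output is key material: redirect it into a file that only the account
# running edge can read.

import os
import sys
import time
import random

NUM_KEYS=30
KEY_LIFE=300
KEY_LEN=16

now=time.time()
start_sa=random.randint( 0, 0xffffffff )

# The generator used to be re-seeded with `now` at this point and the keys were
# drawn from it. The seed was then the wall-clock time, which the validity
# timestamps in the output largely reveal, so the keys were predictable. Key
# bytes now come from the operating system's CSPRNG; `random` is only used for
# the values that are not secret (start_sa, transform_id).

def rand_key():
    """Return KEY_LEN bytes from os.urandom() as a lowercase hex string."""
    # bytearray() yields ints on both Python 2 and Python 3.
    return "".join("%02x" % b for b in bytearray(os.urandom(KEY_LEN)))

for i in range(0,NUM_KEYS):
    # Consecutive validity windows overlap by KEY_LIFE seconds so that peers
    # rolling keys at slightly different times can still decode each other.
    from_time = now + (KEY_LIFE * (i-1) )
    until_time = now + (KEY_LIFE * (i+1) )
    key = rand_key()
    sa_idx = start_sa + i
    transform_id = random.randint( 2, 3 )

    sys.stdout.write("%d %d %d %d_%s\n"%(from_time, until_time, transform_id,sa_idx, key) )

-------------------------------------------------------------------------------- /legacy/n2n_keyfile.h: -------------------------------------------------------------------------------- 1 | /** 2 | * (C)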
2007-18 - ntop.org and contributors 3 | * 4 | * This program is free software; you can redistribute it and/or modify 5 | * it under the terms of the GNU General Public License as published by 6 | * the Free Software Foundation; either version 3 of the License, or 7 | * (at your option) any later version. 8 | * 9 | * This program is distributed in the hope that it will be useful, 10 | * but WITHOUT ANY WARRANTY; without even the implied warranty of 11 | * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the 12 | * GNU General Public License for more details. 13 | * 14 | * You should have received a copy of the GNU General Public License 15 | * along with this program; if not see see 16 | * 17 | */ 18 | 19 | /** Key files 20 | * 21 | * Edge implements a very simple interface for getting instructions about 22 | * rolling keys. 23 | * 24 | * Key definitions are written as individual files in /.key. The 25 | * format of each key is a single line of hex nibbles as follows: 26 | * 27 | * 0102030405060708090a0b0c0d0e0f 28 | * 29 | * Any external key exchange mechanism can receive the key data write it into 30 | * the keyfiles. 31 | * 32 | * To control which keys are active at what times the key control file is 33 | * used. This is a single file which is periodically reread. It contains key 34 | * definitions in chronological order with one line per key definition as 35 | * follows: 36 | * 37 | * 38 | * 39 | * edge reads the key control file periodically to get updates in policy. edge 40 | * holds a number of keys in memory. Data can be decoded if it was encoded by 41 | * any of the keys still in memory. By having at least 2 keys in memory it 42 | * allows for clock skew and transmission delay when encoder and decoder roll 43 | * keys at slightly different times. The amount of overlap in the valid time 44 | * ranges provides the tolerance to timing skews in the system. 45 | * 46 | * The keys have the same level of secrecy as any other user file. 
Existing 47 | * UNIX permission systems can be used to provide access controls. 48 | * 49 | */ 50 | 51 | /** How Edge Uses The Key Schedule 52 | * 53 | * Edge provides state space for a number of transform algorithms. Each 54 | * transform uses its state space to store the SA information for its keys as 55 | * found in the key file. When a packet is received the transform ID is in 56 | * plain text. The packets is then sent to that transform for decoding. Each 57 | * transform can store its SA numbers differently (or not at all). The 58 | * transform code then finds the SA number, then finds the cipher (with key) in 59 | * the state space and uses this to decode the packet. 60 | * 61 | * To support this, as edge reads each key line, it passes it to the 62 | * appropriate transform to parse the line and store the SA information in its 63 | * state space. 64 | * 65 | * When encoding a packet, edge has several transforms and potentially valid 66 | * SAs to choose from. To keep track of which one to use for encoding edge does 67 | * its own book-keeping as each key line is passed to the transform code: it 68 | * stores a lookup of valid_from -> transform. When encoding a packet it then 69 | * just calls the transform with the best valid_from in the table. The 70 | * transform's own state space has all the SAs for its keys and the best of 71 | * those is chosen. 72 | */ 73 | 74 | #if !defined( N2N_KEYFILE_H_ ) 75 | #define N2N_KEYFILE_H_ 76 | 77 | 78 | #include "n2n_wire.h" 79 | #include 80 | 81 | #define N2N_MAX_KEYSIZE 256 /* bytes */ 82 | #define N2N_MAX_NUM_CIPHERSPECS 8 83 | #define N2N_KEYPATH_SIZE 256 84 | #define N2N_KEYFILE_LINESIZE 256 85 | 86 | /** This structure stores an encryption cipher spec. */ 87 | struct n2n_cipherspec 88 | { 89 | n2n_transform_t t; /* N2N_TRANSFORM_ID_xxx for this spec. */ 90 | time_t valid_from; /* Start using the key at this time. */ 91 | time_t valid_until; /* Key is valid if time < valid_until. 
*/ 92 | uint16_t opaque_size; /* Size in bytes of key. */ 93 | uint8_t opaque[N2N_MAX_KEYSIZE];/* Key matter. */ 94 | }; 95 | 96 | typedef struct n2n_cipherspec n2n_cipherspec_t; 97 | 98 | 99 | static const char * const DELIMITERS=" \t\n\r"; 100 | 101 | 102 | /** @return number of cipherspec items filled. */ 103 | int n2n_read_keyfile( n2n_cipherspec_t * specs, /* fill out this array of cipherspecs */ 104 | size_t numspecs, /* number of slots in the array. */ 105 | const char * ctrlfile_path ); /* path to control file */ 106 | 107 | int validCipherSpec( const n2n_cipherspec_t * k, 108 | time_t now ); 109 | 110 | ssize_t n2n_parse_hex( uint8_t * keyBuf, 111 | size_t keyMax, 112 | const char * textKey, 113 | size_t textLen ); 114 | 115 | /*----------------------------------------------------------------------------*/ 116 | 117 | #endif /* #if !defined( N2N_KEYFILE_H_ ) */ 118 | -------------------------------------------------------------------------------- /packages/centos: -------------------------------------------------------------------------------- 1 | rpm -------------------------------------------------------------------------------- /packages/debian/Makefile: -------------------------------------------------------------------------------- 1 | # 2 | # Change it according to your setup 3 | # 4 | # Prerequisite: apt-get install devscripts 5 | # 6 | # 7 | N2N_HOME=$(PWD)/../.. 
8 | N2N_BUILD=${N2N_HOME}/packages/debian/n2n 9 | 10 | include ${N2N_HOME}/config.mak 11 | 12 | # TODO: continue to untangle the version generation 13 | # we either should not need to override the config.mak here or 14 | # should never set the version in config.mak and always calculate it 15 | PACKAGE_VERSION := $(shell ${N2N_HOME}/scripts/version.sh) 16 | 17 | all: clean pkg 18 | 19 | pkg: 20 | make -C ../../ 21 | if test -e "${N2N_BUILD}"; then /bin/rm -fr ${N2N_BUILD}; fi 22 | mkdir -p ${N2N_BUILD}/usr/sbin ${N2N_BUILD}/usr/share/man/man1 ${N2N_BUILD}/usr/share/man/man7 ${N2N_BUILD}/usr/share/man/man8 23 | mkdir -p ${N2N_BUILD}/usr/share/doc/n2n/examples 24 | install -m755 ../../supernode ${N2N_BUILD}/usr/sbin/ 25 | install -m755 ../../edge ${N2N_BUILD}/usr/sbin/ 26 | install -m644 ../../edge.8.gz ${N2N_BUILD}/usr/share/man/man8/ 27 | install -m644 ../../supernode.1.gz ${N2N_BUILD}/usr/share/man/man1/ 28 | install -m644 ../../n2n.7.gz ${N2N_BUILD}/usr/share/man/man7/ 29 | install -m644 ../../community.list ${N2N_BUILD}/usr/share/doc/n2n/examples/ 30 | install -m644 ../../doc/*.md ${N2N_BUILD}/usr/share/doc/n2n/ 31 | @/bin/rm -f ../n2n*.deb 32 | DEBEMAIL=builder@example.com dch -v ${PACKAGE_VERSION} --no-auto-nmu Auto Build 33 | dpkg-buildpackage -rfakeroot -d -us -uc --host-type ${CONFIG_HOST} 34 | -dpkg-sig --sign builder -k D1EB60BE ../n2n_*deb 35 | @\rm -f ../n2n_*dsc ../n2n_*.gz ../n2n_*changes 36 | @/bin/mv ../n2n_*deb . 37 | @echo 38 | @echo "Package built." 
39 | @/bin/ls n2n_*deb 40 | @echo "-------------------------------" 41 | -dpkg -I n2n_*deb 42 | -dpkg --contents n2n_*deb 43 | @echo "-------------------------------" 44 | 45 | distclean: 46 | echo "dummy distclean" 47 | 48 | install: 49 | echo "dummy install" 50 | 51 | clean: 52 | rm -rf *~ *deb 53 | -------------------------------------------------------------------------------- /packages/debian/README: -------------------------------------------------------------------------------- 1 | Prerequisites 2 | ------------- 3 | apt-get install debhelper fakeroot dpkg-sig devscripts 4 | 5 | EdgeOS 6 | ------ 7 | We need to replace the BusyBox-implemented commands with their full-fledged versions by doing the following 8 | (see http://community.ubnt.com/t5/EdgeMAX/ubnt-debian-package-conflict/m-p/421325). Note that these packages are downloaded over plain HTTP and installed with --force-all outside of apt, so nothing checks their integrity; compare each file's checksum with a trusted Debian archive index before installing it. 9 | 10 | curl -O http://ftp.us.debian.org/debian/pool/main/c/coreutils/coreutils_8.5-1_mips.deb 11 | dpkg -i --force-all coreutils_8.5-1_mips.deb 12 | 13 | curl -O http://ftp.us.debian.org/debian/pool/main/t/tar/tar_1.23-3_mips.deb 14 | dpkg -i --force-all tar_1.23-3_mips.deb 15 | 16 | wget http://ftp.us.debian.org/debian/pool/main/f/findutils/findutils_4.4.2-4_mips.deb 17 | dpkg -i --force-all findutils_4.4.2-4_mips.deb 18 | 19 | wget http://ftp.us.debian.org/debian/pool/main/g/gzip/gzip_1.5-1.1_mips.deb 20 | dpkg -i --force-all gzip_1.5-1.1_mips.deb 21 | 22 | -------------------------------------------------------------------------------- /packages/debian/configure: -------------------------------------------------------------------------------- 1 | #!/bin/bash 2 | # TODO: Remove this file before the next stable release 3 | echo "This configure script is no longer needed, update your build system" 4 | -------------------------------------------------------------------------------- /packages/debian/configure.ac: -------------------------------------------------------------------------------- 1 | AC_INIT([Makefile.in], 1.0) 2 | # TODO: Remove this file before the next stable release 3 | echo 
"This configure script is no longer needed, update your build system" 4 | -------------------------------------------------------------------------------- /packages/debian/debian/README: -------------------------------------------------------------------------------- 1 | This directory contains the files needed to build the package 2 | named 'n2n' for the Debian GNU/Linux distribution. 3 | -------------------------------------------------------------------------------- /packages/debian/debian/changelog: -------------------------------------------------------------------------------- 1 | n2n (3.0) table; urgency=high 2 | * Last stable release 3 | 4 | -- Luca Deri Wed, 27 Oct 2021 20:43:08 +0200 5 | -------------------------------------------------------------------------------- /packages/debian/debian/compat: -------------------------------------------------------------------------------- 1 | 9 2 | -------------------------------------------------------------------------------- /packages/debian/debian/conffiles: -------------------------------------------------------------------------------- 1 | /etc/n2n/edge.conf.sample 2 | /etc/n2n/supernode.conf.sample 3 | -------------------------------------------------------------------------------- /packages/debian/debian/control: -------------------------------------------------------------------------------- 1 | Source: n2n 2 | Section: net 3 | Priority: extra 4 | Maintainer: Luca Deri 5 | Standards-Version: 4.6.0 6 | Build-Depends: 7 | 8 | Package: n2n 9 | Architecture: any 10 | Suggests: uml-utilities 11 | Depends: ${shlibs:Depends}, ${misc:Depends} 12 | Conflicts: n2n (<< 2.1.0-1) 13 | Replaces: n2n (<< 2.1.0-1) 14 | Description: a layer-two peer-to-peer virtual private network (VPN) 15 | n2n is a layer-two peer-to-peer virtual private network (VPN) which allows 16 | users to exploit features typical of P2P applications at network instead of 17 | application level. 
This means that users can gain native IP visibility (e.g. 18 | two PCs belonging to the same n2n network can ping each other) and be 19 | reachable with the same network IP address regardless of the network where 20 | they currently belong. In a nutshell, as OpenVPN moved SSL from application 21 | (e.g. used to implement the https protocol) to network protocol, n2n moves 22 | P2P from application to network level. 23 | . 24 | Edge is the edge node daemon for n2n which creates a TAP interface to expose 25 | the n2n virtual LAN. 26 | -------------------------------------------------------------------------------- /packages/debian/debian/dirs: -------------------------------------------------------------------------------- 1 | usr/sbin 2 | etc/systemd 3 | etc/init.d 4 | -------------------------------------------------------------------------------- /packages/debian/debian/docs: -------------------------------------------------------------------------------- 1 | README 2 | -------------------------------------------------------------------------------- /packages/debian/debian/n2n.substvars: -------------------------------------------------------------------------------- 1 | misc:Depends=debconf (>= 0.5) | debconf-2.0 2 | misc:Pre-Depends= 3 | -------------------------------------------------------------------------------- /packages/debian/debian/postinst: -------------------------------------------------------------------------------- 1 | #!/bin/sh -e 2 | 3 | case "$1" in 4 | configure) 5 | # continue below 6 | ;; 7 | 8 | abort-upgrade|abort-remove|abort-deconfigure) 9 | exit 0 10 | ;; 11 | 12 | *) 13 | echo "postinst called with unknown argument \`$1'" >&2 14 | exit 0 15 | ;; 16 | esac 17 | 18 | umask 022 19 | 20 | if ! grep -q n2n /etc/group; then 21 | echo 'Creating n2n group' 22 | /usr/sbin/groupadd -r n2n 23 | fi 24 | 25 | if ! /usr/bin/id -u n2n > /dev/null 2>&1; then 26 | echo "Creating n2n user..." 
27 | /usr/sbin/useradd -M -N -g n2n -r -s /bin/false n2n 28 | fi 29 | 30 | echo "Rebuilding ld cache..." 31 | /sbin/ldconfig 32 | 33 | if [ -f /.dockerenv ]; then exit 0; fi 34 | 35 | # Start service after upgrade/install 36 | systemctl daemon-reload 37 | systemctl reset-failed 38 | 39 | # Enable edge 40 | if systemctl -q is-active edge; then 41 | # only restart edge if it's already running 42 | echo "Restarting n2n edge..." 43 | deb-systemd-invoke restart edge 44 | fi 45 | 46 | # Restart specific services if already running 47 | deb-systemd-invoke restart 'edge@*.service' 'edge-ntopng@*.service' 48 | 49 | # Enable supernode 50 | if systemctl -q is-active supernode; then 51 | # only restart supernode if it's already running 52 | echo "Restarting n2n supernode..." 53 | deb-systemd-invoke restart supernode 54 | fi 55 | 56 | exit 0 57 | -------------------------------------------------------------------------------- /packages/debian/debian/postrm: -------------------------------------------------------------------------------- 1 | #!/bin/sh -e 2 | 3 | set -e 4 | 5 | #case "$1" in 6 | # purge|remove) 7 | # 8 | # ;; 9 | #esac 10 | 11 | exit 0 12 | -------------------------------------------------------------------------------- /packages/debian/debian/preinst: -------------------------------------------------------------------------------- 1 | #! /bin/sh 2 | # preinst script for n2n 3 | # 4 | # see: dh_installdeb(1) 5 | 6 | set -e 7 | 8 | # summary of how this script can be called: 9 | # * `install' 10 | # * `install' 11 | # * `upgrade' 12 | # * `abort-upgrade' 13 | 14 | case "$1" in 15 | install|upgrade) 16 | ;; 17 | 18 | abort-upgrade) 19 | ;; 20 | 21 | *) 22 | echo "preinst called with unknown argument \`$1'" >&2 23 | exit 0 24 | ;; 25 | esac 26 | 27 | # dh_installdeb will replace this with shell code automatically 28 | # generated by other debhelper scripts. 
29 | 30 | 31 | exit 0 32 | -------------------------------------------------------------------------------- /packages/debian/debian/prerm: -------------------------------------------------------------------------------- 1 | #!/bin/sh 2 | 3 | set -e 4 | 5 | if [ -f /.dockerenv ]; then exit 0; fi 6 | 7 | . /usr/share/debconf/confmodule 8 | 9 | if [ "$1" = "remove" ]; then 10 | deb-systemd-invoke stop edge.service 'edge@*.service' 'edge-ntopng@*.service' 11 | deb-systemd-invoke disable edge.service 'edge@*.service' 'edge-ntopng@*.service' 12 | deb-systemd-invoke stop supernode.service 13 | deb-systemd-invoke disable supernode.service 14 | systemctl daemon-reload 15 | systemctl reset-failed 16 | fi 17 | 18 | exit 0 19 | -------------------------------------------------------------------------------- /packages/debian/debian/rules: -------------------------------------------------------------------------------- 1 | #!/usr/bin/make -f 2 | 3 | # Uncomment this to turn on verbose mode. 4 | # export DH_VERBOSE=1 5 | 6 | # 7 | # debian/compat 8 | # We should use at least compatibility version 5 9 | # but this requires the whole building process 10 | # to be remade and this is something we leave 11 | # to when we will have more time 12 | # http://www.tin.org/bin/man.cgi?section=7&topic=debhelper 13 | # 14 | 15 | package=n2n 16 | 17 | build: build-stamp 18 | build-stamp: 19 | dh_testdir 20 | 21 | clean: 22 | dh_testdir 23 | dh_testroot 24 | dh_clean 25 | 26 | install: build 27 | dh_testdir 28 | dh_testroot 29 | dh_prep 30 | dh_installdirs 31 | 32 | # Build architecture-independent files here. 33 | binary-indep: build install 34 | # We have nothing to do by default. 35 | 36 | # Build architecture-dependent files here. 
37 | binary-arch: build install 38 | dh_testdir 39 | dh_testroot 40 | dh_prep 41 | dh_installdirs 42 | dh_installinit 43 | dh_installdebconf 44 | dh_installman 45 | dh_strip 46 | dh_compress 47 | dh_fixperms 48 | dh_installdeb 49 | cp -r n2n debian 50 | cp -r ../etc debian/n2n 51 | find debian/n2n -name "*.in" -exec /bin/rm {} ';' 52 | find debian/n2n -name "*~" -exec /bin/rm {} ';' 53 | dh_shlibdeps --dpkg-shlibdeps-params=--ignore-missing-info 54 | dh_link 55 | dh_gencontrol 56 | dh_md5sums 57 | dh_builddeb 58 | 59 | binary: binary-indep binary-arch 60 | .PHONY: build clean binary-indep binary-arch binary install 61 | -------------------------------------------------------------------------------- /packages/debian/debian/templates: -------------------------------------------------------------------------------- 1 | Template: n2n/license_expired_continue_installation 2 | Type: boolean 3 | Default: true 4 | Description: Do you want to continue with the installation? 5 | License found is not valid for the new package that is going to be installed. 6 | . 7 | Renew the maintenance to get a valid license for the new package or cancel the installation to continue using the current package. 8 | -------------------------------------------------------------------------------- /packages/etc/n2n/edge.conf.sample: -------------------------------------------------------------------------------- 1 | # 2 | # The configuration file is similar to the command line, with one option per line. An equal 3 | # sign '=' should be used between key and value. Example: -c=mynetwork or --community=mynetwork 4 | # This file contains a basic configuration example, please refer to the help (-h) for the full 5 | # list of available options. 6 | # 7 | # -d|--tun-device 8 | # Specifies the name of the TUN interface. 9 | # 10 | -d=n2n0 11 | # 12 | # -c|--community 13 | # Specifies the n2n community name the edge belongs to. 
14 | # 15 | -c=mynetwork 16 | # 17 | # -k 18 | # Sets the encryption key (ASCII). The environment variable N2N_KEY= can also be used. Replace the sample value below with your own strong key and restrict read access to this file, since it stores the key in clear text. 19 | # 20 | -k=mypassword 21 | # 22 | # -m 23 | # Specifies the MAC address for the TAP interface (random otherwise). 24 | # 25 | # -m=DE:AD:BE:EF:99:99 26 | # 27 | # -a 28 | # Sets the interface address. For DHCP use '-r -a dhcp:0.0.0.0'. 29 | # 30 | -a=1.2.3.4 31 | # 32 | # -p 33 | # Sets the local UDP port to a fixed port. 34 | # 35 | -p=50001 36 | # 37 | # -l|--supernode-list 38 | # Specifies the supernode IP and port. 39 | # 40 | -l=7.8.9.0:7777 41 | # 42 | -------------------------------------------------------------------------------- /packages/etc/n2n/supernode.conf.sample: -------------------------------------------------------------------------------- 1 | # 2 | # The configuration file is similar to the command line, with one option per line. An equal 3 | # sign '=' should be used between key and value. Example: -p=7777 4 | # This file contains a basic configuration example, please refer to the help (-h) for the full 5 | # list of available options. 6 | # 7 | # -p 8 | # Sets the UDP listening port. 9 | # 10 | -p=7777 11 | # 12 | # -c 13 | # Optionally specifies the allowed communities as listed in community.list file. 
14 | # 15 | # -c=community.list 16 | -------------------------------------------------------------------------------- /packages/etc/systemd/system/edge-ntopng@.service: -------------------------------------------------------------------------------- 1 | [Unit] 2 | Description=n2n edge process, on %I 3 | After=network-online.target syslog.target 4 | Wants=network-online.target 5 | BindsTo=ntopng.service 6 | 7 | [Service] 8 | Type=simple 9 | ExecStartPre= 10 | ExecStart=/usr/sbin/edge /etc/n2n/edge-%i.conf -f 11 | Restart=on-abnormal 12 | RestartSec=5 13 | 14 | [Install] 15 | WantedBy=ntopng.service 16 | Alias= 17 | -------------------------------------------------------------------------------- /packages/etc/systemd/system/edge.service: -------------------------------------------------------------------------------- 1 | [Unit] 2 | Description=n2n edge process 3 | After=network-online.target syslog.target nfw.target 4 | Wants=network-online.target 5 | 6 | [Service] 7 | Type=simple 8 | ExecStartPre= 9 | ExecStart=/usr/sbin/edge /etc/n2n/edge.conf -f 10 | Restart=on-abnormal 11 | RestartSec=5 12 | 13 | [Install] 14 | WantedBy=multi-user.target 15 | Alias= 16 | -------------------------------------------------------------------------------- /packages/etc/systemd/system/edge@.service: -------------------------------------------------------------------------------- 1 | [Unit] 2 | Description=n2n edge process, on %I 3 | After=network-online.target syslog.target nfw.target 4 | Wants=network-online.target 5 | 6 | [Service] 7 | Type=simple 8 | ExecStartPre= 9 | ExecStart=/usr/sbin/edge /etc/n2n/edge-%i.conf -f 10 | Restart=on-abnormal 11 | RestartSec=5 12 | 13 | [Install] 14 | WantedBy=multi-user.target 15 | Alias= 16 | -------------------------------------------------------------------------------- /packages/etc/systemd/system/supernode.service: -------------------------------------------------------------------------------- 1 | [Unit] 2 | Description=n2n supernode process 3 
| After=network-online.target syslog.target 4 | Wants=network-online.target 5 | 6 | [Service] 7 | Type=simple 8 | User=n2n 9 | Group=n2n 10 | ExecStart=/usr/sbin/supernode /etc/n2n/supernode.conf -f 11 | Restart=on-abnormal 12 | RestartSec=5 13 | 14 | [Install] 15 | WantedBy=multi-user.target 16 | Alias= 17 | -------------------------------------------------------------------------------- /packages/openwrt/Makefile: -------------------------------------------------------------------------------- 1 | # 2 | # Copyright (C) 2021 - ntop.org and contributors 3 | # 4 | 5 | include $(TOPDIR)/rules.mk 6 | 7 | PKG_NAME:=n2n 8 | PKG_VERSION:=HEAD 9 | PKG_RELEASE:=1 10 | 11 | PKG_SOURCE_PROTO:=git 12 | PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.gz 13 | 14 | # These are defaults for compiling without any environmental overrides 15 | # (eg, the github action calculates the correct overrides for each build) 16 | PKG_SOURCE_URL:=https://github.com/ntop/n2n 17 | PKG_SOURCE_VERSION:=dev 18 | PKG_MIRROR_HASH:=skip 19 | 20 | # Apply overrides from the build environment 21 | ifdef N2N_PKG_SOURCE_URL 22 | PKG_SOURCE_URL:=$(N2N_PKG_SOURCE_URL) 23 | endif 24 | ifdef N2N_PKG_SOURCE_VERSION 25 | PKG_SOURCE_VERSION:=$(N2N_PKG_SOURCE_VERSION) 26 | endif 27 | ifdef N2N_PKG_VERSION 28 | PKG_VERSION:=$(N2N_PKG_VERSION) 29 | endif 30 | 31 | PKG_MAINTAINER:=Emanuele Faranda 32 | PKG_LICENSE:=GPL3 33 | 34 | # autogen fix 35 | PKG_FIXUP:=autoreconf 36 | 37 | include $(INCLUDE_DIR)/package.mk 38 | 39 | define Package/n2n/Default 40 | SECTION:=net 41 | CATEGORY:=Network 42 | TITLE:=N2N Peer-to-peer VPN 43 | URL:=http://www.ntop.org/n2n 44 | SUBMENU:=VPN 45 | DEPENDS+=+libcap 46 | endef 47 | 48 | define Package/n2n-edge 49 | $(call Package/n2n/Default) 50 | TITLE+= client (edge node) 51 | DEPENDS+=+kmod-tun 52 | endef 53 | 54 | define Package/n2n-supernode 55 | $(call Package/n2n/Default) 56 | TITLE+= server (supernode) 57 | endef 58 | 59 | define Package/n2n-edge/description 60 | The client node for 
the N2N infrastructure 61 | endef 62 | 63 | define Package/n2n-supernode/description 64 | The supernode for the N2N infrastructure 65 | endef 66 | 67 | define Build/Configure 68 | ( cd $(PKG_BUILD_DIR); \ 69 | ./autogen.sh; \ 70 | LDFLAGS=--static ./configure ) 71 | endef 72 | 73 | define Package/n2n-edge/conffiles 74 | /etc/n2n/edge.conf 75 | endef 76 | 77 | define Package/n2n-edge/install 78 | $(INSTALL_DIR) $(1)/usr/bin 79 | $(INSTALL_BIN) $(PKG_BUILD_DIR)/edge $(1)/usr/bin/ 80 | $(INSTALL_DIR) $(1)/etc/init.d 81 | $(INSTALL_BIN) $(PKG_BUILD_DIR)/packages/openwrt/etc/init.d/edge $(1)/etc/init.d/edge 82 | $(INSTALL_DIR) $(1)/etc/n2n 83 | $(INSTALL_CONF) $(PKG_BUILD_DIR)/packages/etc/n2n/edge.conf.sample $(1)/etc/n2n/edge.conf 84 | endef 85 | 86 | define Package/n2n-supernode/conffiles 87 | /etc/n2n/supernode.conf 88 | endef 89 | 90 | define Package/n2n-supernode/install 91 | $(INSTALL_DIR) $(1)/usr/bin 92 | $(INSTALL_BIN) $(PKG_BUILD_DIR)/supernode $(1)/usr/bin/ 93 | $(INSTALL_DIR) $(1)/etc/init.d 94 | $(INSTALL_BIN) $(PKG_BUILD_DIR)/packages/openwrt/etc/init.d/supernode $(1)/etc/init.d/supernode 95 | $(INSTALL_DIR) $(1)/etc/n2n 96 | $(INSTALL_CONF) $(PKG_BUILD_DIR)/packages/etc/n2n/supernode.conf.sample $(1)/etc/n2n/supernode.conf 97 | endef 98 | 99 | $(eval $(call BuildPackage,n2n-edge)) 100 | $(eval $(call BuildPackage,n2n-supernode)) 101 | -------------------------------------------------------------------------------- /packages/openwrt/README.md: -------------------------------------------------------------------------------- 1 | ## Prerequisites 2 | 3 | This instructions explain how to build an OpenWRT .ipk package for n2n. 4 | 5 | You will either need to build a full OpenWRT buildchain (See the github 6 | action for building openwrt.yml for some example steps) or have a working 7 | cross-compiling build environment for the OpenWRT version installed into 8 | your device. 
9 | 10 | ### Downloading a cross-compiling build environment 11 | 12 | This usually comes down to the following steps: 13 | 14 | 1. Download and extract the SDK toolchain for your device. The toolchain 15 | must match the *exact* OpenWRT version installed in your device. Toolchain 16 | for official OpenWRT images can be downloaded from https://downloads.openwrt.org 17 | 18 | 2. Build the toolchain: run `make menuconfig`, save the configuration, then 19 | run `make` to build the cross compiling tools 20 | 21 | 3. Download the feeds with `./scripts/feeds update -a` 22 | 23 | ## Compilation 24 | 25 | These instructions are for building the current checked out version of the 26 | n2n source (The generally used OpenWRT alternative is to download a tar.gz 27 | file of a specific n2n version, but that is not as suitable for development 28 | or local builds) 29 | 30 | You need both the openwrt repository and the n2n repository checked out 31 | for this. In these instructions, we assume that `openwrt` is the directory 32 | where your openwrt checkout is located and `n2n` is the directory for 33 | the n2n repository. 34 | 35 | ``` 36 | git clone https://github.com/ntop/n2n n2n 37 | N2N_PKG_VERSION=$(n2n/scripts/version.sh) 38 | export N2N_PKG_VERSION 39 | echo $N2N_PKG_VERSION 40 | 41 | cp -r n2n/packages/openwrt openwrt/package/n2n 42 | 43 | cd openwrt 44 | make oldconfig 45 | # In the VPN section, select "m" for n2n-edge and n2n-supernode 46 | 47 | make package/n2n/clean V=s 48 | make package/n2n/prepare USE_SOURCE_DIR=$(realpath ../n2n) V=s 49 | make package/n2n/compile V=s 50 | ``` 51 | 52 | If everything went fine, two ipk will be generated, one for the n2n-edge 53 | and the other for n2n-supernode. They can be found with `find . -name "n2n*.ipk"`, 54 | copied to the target device, and installed with `opkg install`. 55 | 56 | The github action described in `.github/workflows/openwrt.yml` implements 57 | an automated version of the above steps. 
58 | 59 | ## Configuration 60 | 61 | The edge node can be started with `/etc/init.d/edge start`. 62 | Its configuration file is `/etc/n2n/edge.conf`. 63 | 64 | The supernode can be started with `/etc/init.d/supernode start`. 65 | Its configuration file is `/etc/n2n/supernode.conf`. 66 | -------------------------------------------------------------------------------- /packages/openwrt/config.bthh5a: -------------------------------------------------------------------------------- 1 | # OpenWrt Configuration snippet 2 | # - will enable building for BT Home Hub 5a 3 | # 4 | CONFIG_TARGET_lantiq=y 5 | CONFIG_TARGET_lantiq_xrx200=y 6 | CONFIG_TARGET_lantiq_xrx200_DEVICE_bt_homehub-v5a=y 7 | 8 | # Would be needed for a full standalone build, but are packages that should 9 | # be available from the distributed openwrt build repository 10 | # CONFIG_PACKAGE_kmod-tun=m 11 | # CONFIG_PACKAGE_libcap=m 12 | -------------------------------------------------------------------------------- /packages/openwrt/config.n2n: -------------------------------------------------------------------------------- 1 | # OpenWrt Configuration snippet 2 | # - will enable building the N2N packages 3 | # 4 | CONFIG_TARGET_lantiq=y 5 | CONFIG_TARGET_lantiq_xrx200=y 6 | CONFIG_TARGET_lantiq_xrx200_DEVICE_bt_homehub-v5a=y 7 | 8 | -------------------------------------------------------------------------------- /packages/openwrt/config.x86: -------------------------------------------------------------------------------- 1 | # OpenWrt Configuration snippet 2 | # - will enable building on x86 target (mainly for build tests) 3 | # 4 | CONFIG_TARGET_x86=y 5 | CONFIG_TARGET_x86_64=y 6 | -------------------------------------------------------------------------------- /packages/openwrt/etc/init.d/edge: -------------------------------------------------------------------------------- 1 | #!/bin/sh /etc/rc.common 2 | START=90 3 | STOP=10 4 | 5 | USE_PROCD=1 6 | PROG=/usr/bin/edge 7 | CONFIGFILE=/etc/n2n/edge.conf 8 
| 9 | start_service() { 10 | procd_open_instance 11 | procd_set_param command $PROG $CONFIGFILE 12 | procd_set_param file $CONFIGFILE 13 | procd_set_param respawn 14 | procd_close_instance 15 | } 16 | 17 | stop_service() 18 | { 19 | service_stop $PROG 20 | } 21 | 22 | service_triggers() 23 | { 24 | procd_add_reload_trigger "edge" 25 | } 26 | -------------------------------------------------------------------------------- /packages/openwrt/etc/init.d/supernode: -------------------------------------------------------------------------------- 1 | #!/bin/sh /etc/rc.common 2 | START=90 3 | STOP=10 4 | 5 | USE_PROCD=1 6 | PROG=/usr/bin/supernode 7 | CONFIGFILE=/etc/n2n/supernode.conf 8 | 9 | start_service() { 10 | procd_open_instance 11 | procd_set_param command $PROG $CONFIGFILE 12 | procd_set_param file $CONFIGFILE 13 | procd_set_param respawn 14 | procd_close_instance 15 | } 16 | 17 | stop_service() 18 | { 19 | service_stop $PROG 20 | } 21 | 22 | service_triggers() 23 | { 24 | procd_add_reload_trigger "supernode" 25 | } 26 | -------------------------------------------------------------------------------- /packages/rpm/Makefile.in: -------------------------------------------------------------------------------- 1 | # 2 | # Change it according to your setup 3 | # 4 | N2N_HOME=$(PWD)/../.. 
5 | N2N_BUILD=${N2N_HOME}/packages/debian/n2n 6 | PLATFORM=@MACHINE@ 7 | RPM_PKG=n2n-@N2N_VERSION_RPM@-1.$(PLATFORM).rpm 8 | 9 | all: clean pkg 10 | 11 | pkg: 12 | rpmbuild -bb ./n2n.spec 13 | -@@RPM_SIGN_CMD@ $(HOME)/rpmbuild/RPMS/$(PLATFORM)/$(RPM_PKG) 14 | @echo "" 15 | @echo "Package contents:" 16 | @rpm -qpl $(HOME)/rpmbuild/RPMS/$(PLATFORM)/$(RPM_PKG) 17 | @echo "The package is now available in $(HOME)/rpmbuild/RPMS/$(PLATFORM)/$(RPM_PKG)" 18 | 19 | distclean: 20 | echo "dummy distclean" 21 | 22 | install: 23 | echo "dummy install" 24 | 25 | clean: 26 | rm -rf *~ *rpm 27 | -------------------------------------------------------------------------------- /packages/rpm/configure.in: -------------------------------------------------------------------------------- 1 | AC_INIT([Makefile.in], 1.0) 2 | 3 | # NOTE: this file is not actually used. You need to edit configure as well! 4 | N2N_VERSION_RPM=$(../../scripts/version.sh |tr - _) 5 | 6 | MACHINE=`uname -m` 7 | SHORT_MACHINE=`uname -m | cut -b1-3` 8 | 9 | if test $MACHINE = "x86_64"; then 10 | EXTN="amd64" 11 | else 12 | if test $SHORT_MACHINE = "aar"; then 13 | EXTN="arm64" 14 | EXTRA_DEPS="" 15 | else 16 | if test $SHORT_MACHINE = "arm"; then 17 | EXTN="armhf" 18 | EXTRA_DEPS="" 19 | else 20 | if test $SHORT_MACHINE = "mip"; then 21 | EXTN="mips" 22 | EXTRA_DEPS="" 23 | else 24 | EXTN="i386" 25 | fi 26 | fi 27 | fi 28 | fi 29 | 30 | APP=n2n 31 | DATE=`date -R` 32 | 33 | CENTOS_RELEASE=`cat /etc/centos-release | cut -d ' ' -f 3|cut -d '.' -f 1` 34 | if test $CENTOS_RELEASE = "release"; then 35 | CENTOS_RELEASE=`cat /etc/centos-release | cut -d ' ' -f 4|cut -d '.' 
-f 1` 36 | fi 37 | 38 | RPM_SIGN_CMD="rpm --addsign" 39 | if test "$CENTOS_RELEASE" -ne 8; then 40 | RPM_SIGN_CMD="./rpm-sign.exp" 41 | fi 42 | 43 | AC_SUBST(APP) 44 | AC_SUBST(MACHINE) 45 | AC_SUBST(N2N_VERSION_RPM) 46 | AC_SUBST(EXTN) 47 | AC_SUBST(DATE) 48 | AC_SUBST(RPM_SIGN_CMD) 49 | 50 | AC_CONFIG_FILES(n2n.spec) 51 | AC_CONFIG_FILES(Makefile) 52 | AC_OUTPUT 53 | -------------------------------------------------------------------------------- /packages/rpm/n2n.spec.in: -------------------------------------------------------------------------------- 1 | Summary: n2n peer-to-peer VPN 2 | Name: n2n 3 | Version: @N2N_VERSION_RPM@ 4 | Release: 1 5 | License: GPL 6 | Group: Networking/Utilities 7 | URL: http://www.ntop.org/ 8 | Source: n2n-%{version}.tgz 9 | Packager: Luca Deri 10 | # Temporary location where the RPM will be built 11 | BuildRoot: %{_tmppath}/%{name}-%{version}-root 12 | Requires: libzstd 13 | 14 | # Make sure .build-id is not part of the package 15 | %define _build_id_links none 16 | 17 | %description 18 | n2n peer-to-peer VPN 19 | 20 | %prep 21 | 22 | %build 23 | 24 | mkdir -p $RPM_BUILD_ROOT/usr/sbin $RPM_BUILD_ROOT/usr/share/man/man1 $RPM_BUILD_ROOT/usr/share/man/man7 $RPM_BUILD_ROOT/usr/share/man/man8 25 | mkdir -p $RPM_BUILD_ROOT/etc/n2n 26 | mkdir -p $RPM_BUILD_ROOT/usr/lib/systemd/system/ 27 | cp $HOME/n2n/edge $RPM_BUILD_ROOT/usr/sbin 28 | cp $HOME/n2n/supernode $RPM_BUILD_ROOT/usr/sbin 29 | cp $HOME/n2n/n2n.7.gz $RPM_BUILD_ROOT/usr/share/man/man7 30 | cp $HOME/n2n/supernode.1.gz $RPM_BUILD_ROOT/usr/share/man/man1 31 | cp $HOME/n2n/edge.8.gz $RPM_BUILD_ROOT/usr/share/man/man8 32 | cp $HOME/n2n/packages/etc/systemd/system/*.service $RPM_BUILD_ROOT/usr/lib/systemd/system/ 33 | cp $HOME/n2n/packages/etc/n2n/*.conf.sample $RPM_BUILD_ROOT/etc/n2n 34 | 35 | find $RPM_BUILD_ROOT -name ".git" | xargs /bin/rm -rf 36 | find $RPM_BUILD_ROOT -name ".svn" | xargs /bin/rm -rf 37 | find $RPM_BUILD_ROOT -name "*~" | xargs /bin/rm -f 38 | # 39 | 
DST=$RPM_BUILD_ROOT/usr/n2n 40 | SRC=$RPM_BUILD_DIR/%{name}-%{version} 41 | #mkdir -p $DST/conf 42 | # Clean out our build directory 43 | %clean 44 | rm -fr $RPM_BUILD_ROOT 45 | 46 | %files 47 | /usr/sbin/edge 48 | /usr/sbin/supernode 49 | /usr/share/man/man7/n2n.7.gz 50 | /usr/share/man/man1/supernode.1.gz 51 | /usr/share/man/man8/edge.8.gz 52 | /usr/lib/systemd/system/edge.service 53 | /usr/lib/systemd/system/edge@.service 54 | /usr/lib/systemd/system/edge-ntopng@.service 55 | /usr/lib/systemd/system/supernode.service 56 | %config(noreplace) /etc/n2n/supernode.conf.sample 57 | %config(noreplace) /etc/n2n/edge.conf.sample 58 | 59 | # Set the default attributes of all of the files specified to have an 60 | # owner and group of root and to inherit the permissions of the file 61 | # itself. 62 | %defattr(-, root, root) 63 | 64 | %changelog 65 | * Fri Aug 17 2018 Luca Deri 1.0 66 | - Current package version 67 | 68 | # Execution order: 69 | # install: pre -> (copy) -> post 70 | # upgrade: pre -> (copy) -> post -> preun (old) -> (delete old) -> postun (old) 71 | # un-install: preun -> (delete) -> postun 72 | 73 | %pre 74 | 75 | if ! grep -q n2n /etc/group; then 76 | echo 'Creating n2n group' 77 | /usr/sbin/groupadd -r n2n 78 | fi 79 | 80 | if ! /usr/bin/id -u n2n > /dev/null 2>&1; then 81 | echo 'Creating n2n user' 82 | /usr/sbin/useradd -M -N -g n2n -r -s /bin/false n2n 83 | fi 84 | 85 | %post 86 | if [ -f /bin/systemctl ]; then 87 | if [ ! -f /.dockerenv ]; then 88 | /bin/systemctl daemon-reload 89 | # NOTE: do not enable any services during first installation 90 | fi 91 | fi 92 | 93 | %preun 94 | if [ -f /bin/systemctl ]; then 95 | if [ ! -f /.dockerenv ]; then 96 | # possibly remove the installed services 97 | %systemd_preun supernode.service edge.service 'edge-ntopng@*.service' 'edge@*.service' 98 | fi 99 | fi 100 | 101 | %postun 102 | if [ -f /bin/systemctl ]; then 103 | if [ ! 
-f /.dockerenv ]; then 104 | # possibly restart the running services 105 | %systemd_postun_with_restart supernode.service edge.service 'edge-ntopng@*.service' 'edge@*.service' 106 | fi 107 | fi 108 | -------------------------------------------------------------------------------- /packages/rpm/rpm-sign.exp: -------------------------------------------------------------------------------- 1 | #!/usr/bin/expect -f 2 | 3 | ### rpm-sign.exp -- Sign RPMs by sending the passphrase. 4 | 5 | spawn rpm --addsign {*}$argv 6 | expect -exact "Enter pass phrase: " 7 | send -- "\r" 8 | expect eof 9 | 10 | ## end of rpm-sign.exp 11 | -------------------------------------------------------------------------------- /packages/ubuntu: -------------------------------------------------------------------------------- 1 | debian -------------------------------------------------------------------------------- /scripts/README.md: -------------------------------------------------------------------------------- 1 | This directory contains executables that are not compiled. Some of these may 2 | end up installed for use by end users, but many of them are for use during 3 | development, builds and tests. 4 | 5 | Nothing in this directory should need compiling to use and they should be 6 | written such that they do not need configuring (e.g: they might probe several 7 | directories for their requirements) 8 | 9 | See the [Scripts Documentation](../docs/Scripts.md) for further details 10 | -------------------------------------------------------------------------------- /scripts/hack_fakeautoconf.sh: -------------------------------------------------------------------------------- 1 | #!/bin/sh 2 | # 3 | # Specifically for windows, where installing autoconf looks suspiciously 4 | # like boiling the ocean. 
5 | 6 | cat <include/config.h.in 7 | // Created by hack fake autoconf for windows 8 | // not actually a config input 9 | EOF 10 | 11 | cat <configure 12 | #!/bin/sh 13 | echo Created by hack fake autoconf for windows 14 | echo not a confgure script 15 | exit 1 16 | EOF 17 | chmod a+x configure 18 | 19 | cat >config.mak <include/config.h 33 | #define PACKAGE_VERSION "FIXME" 34 | #define PACKAGE_BUILDDATE "$(date)" 35 | EOF 36 | -------------------------------------------------------------------------------- /scripts/indent.sh: -------------------------------------------------------------------------------- 1 | #!/bin/sh 2 | # 3 | # Given one or more input source files, run a re-indenter on them. 4 | 5 | help() { 6 | echo "Usage: scripts/indent [-i] [file...]" 7 | echo " -i modify file in place with reindent results" 8 | echo "" 9 | echo "By default, will output a diff and exitcode if changed are needed" 10 | echo "If modifying files, no exit code or diff is output" 11 | exit 1 12 | } 13 | 14 | [ -z "$1" ] && help 15 | [ "$1" = "-h" ] && help 16 | [ "$1" = "--help" ] && help 17 | 18 | INPLACE=0 19 | if [ "$1" = "-i" ]; then 20 | shift 21 | INPLACE=1 22 | fi 23 | 24 | ## indentOneClang() { 25 | ## rm -f "$1.indent" 26 | ## clang-format "$1" >"$1.indent" 27 | ## if [ $? -ne 0 ]; then 28 | ## echo "Error while formatting \"$1\"" 29 | ## RESULT=1 30 | ## return 31 | ## fi 32 | ## diff -u "$1" "$1.indent" 33 | ## if [ $? -ne 0 ]; then 34 | ## RESULT=1 35 | ## fi 36 | ## } 37 | 38 | indentOne() { 39 | IFILE="$1" 40 | if [ "$INPLACE" -eq 0 ]; then 41 | OFILE="$1.indent" 42 | rm -f "$OFILE" 43 | else 44 | OFILE="$1" 45 | fi 46 | if ! uncrustify -c uncrustify.cfg -f "$IFILE" -o "$OFILE"; then 47 | echo "Error while formatting \"$1\"" 48 | RESULT=1 49 | return 50 | fi 51 | if ! 
diff -u "$IFILE" "$OFILE"; then 52 | RESULT=1 53 | fi 54 | } 55 | 56 | RESULT=0 57 | while [ -n "$1" ]; do 58 | indentOne "$1" 59 | shift 60 | done 61 | exit $RESULT 62 | -------------------------------------------------------------------------------- /scripts/n2n-gateway.sh: -------------------------------------------------------------------------------- 1 | #!/bin/bash 2 | # 3 | # This is a sample script to route all the host traffic towards a remote 4 | # gateway, which is reacheable via the n2n virtual interface. 5 | # 6 | # This assumes the n2n connection is already been established and the 7 | # VPN gateway can be pinged by this host. 8 | # 9 | 10 | ####################################################### 11 | # CONFIG 12 | ####################################################### 13 | 14 | # The IP address of the gateway through the n2n interface 15 | N2N_GATEWAY="192.168.100.1" 16 | 17 | # The IP address of the supernode as configured in n2n 18 | N2N_SUPERNODE="1.2.3.4" 19 | 20 | # The n2n interface name 21 | N2N_INTERFACE="n2n0" 22 | 23 | # The DNS server to use. Must be a public DNS or a DNS located on the 24 | # N2N virtual network, otherwise DNS query information will be leaked 25 | # outside the VPN. 26 | DNS_SERVER="8.8.8.8" 27 | 28 | ####################################################### 29 | # END CONFIG 30 | ####################################################### 31 | 32 | if [[ $UID -ne 0 ]]; then 33 | echo "This script must be run as root" 34 | exit 1 35 | fi 36 | 37 | if ! ip route get $N2N_GATEWAY | grep -q $N2N_INTERFACE ; then 38 | echo "Cannot reach the gateway ($N2N_GATEWAY) via $N2N_INTERFACE. Is edge running?" 
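exit 1
fi

# Determine the current internet gateway
internet_gateway=$(ip route get 8.8.8.8 | head -n1 | awk '{ print $3 }')

# Stop before changing DNS or routes when no gateway could be determined:
# the supernode route below needs it, and without that route the default
# route would still be replaced while the supernode itself is unreachable.
if [[ -z "$internet_gateway" ]]; then
  echo "Cannot determine the current internet gateway"
  exit 1
fi

# Backup the DNS resolver configuration and use the specified server.
# stopService restores the resolver from this backup, so give up here if
# the copy fails rather than overwrite the only copy.
if ! cp /etc/resolv.conf /etc/resolv.conf.my_bak; then
  echo "Cannot back up /etc/resolv.conf"
  exit 1
fi
echo "Using DNS server $DNS_SERVER"
echo "nameserver $DNS_SERVER" > /etc/resolv.conf

# The public IP of the supernode must be reachable via the internet gateway
# Whereas all the other traffic will go through the new VPN gateway.
ip route add "$N2N_SUPERNODE" via "$internet_gateway"
ip route del default
echo "Forwarding traffic via $N2N_GATEWAY"
ip route add default via "$N2N_GATEWAY"

# Undo the changes made above (custom routes, default gateway, resolver
# configuration) and exit. Installed below as the handler for SIGHUP,
# SIGINT and SIGTERM.
function stopService {
  echo "Deleting custom routes"
  ip route del default
  ip route del "$N2N_SUPERNODE" via "$internet_gateway"

  echo "Restoring original gateway $internet_gateway"
  ip route add default via "$internet_gateway"

  echo "Restoring original DNS"
  mv /etc/resolv.conf.my_bak /etc/resolv.conf

  exit 0
}

# setup signal handlers
trap "stopService" SIGHUP SIGINT SIGTERM

# enter wait loop
echo "VPN is now up"
while :; do sleep 300; done
-------------------------------------------------------------------------------- /scripts/test_harness.sh: --------------------------------------------------------------------------------
#!/bin/sh
#
# Run with the name of a test list file.
#
# This expects to find the tests in the tools dir or scripts dir and the
# expected results in the tests dir.

# boilerplate so we can support whaky cmake dirs
[ -z "$TOPDIR" ] && TOPDIR="."
[ -z "$BINDIR" ] && BINDIR="."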
11 | export TOPDIR 12 | export BINDIR 13 | 14 | if [ -z "$1" ]; then 15 | echo need test list filename 16 | exit 1 17 | fi 18 | TESTLIST="$1" 19 | LISTDIR=$(dirname "$TESTLIST") 20 | 21 | TESTS=$(sed -e "s/#.*//" "$TESTLIST") 22 | 23 | # Actually run the tests 24 | for i in $TESTS; do 25 | # Look in several places for the test program 26 | if [ -e "$BINDIR/$i" ]; then 27 | TEST="$BINDIR/$i" 28 | elif [ -e "$BINDIR/tools/$i" ]; then 29 | TEST="$BINDIR/tools/$i" 30 | elif [ -e "$LISTDIR/../scripts/$i" ]; then 31 | TEST="$LISTDIR/../scripts/$i" 32 | else 33 | echo "Could not find test $i" 34 | exit 1 35 | fi 36 | 37 | if [ ! -e "$LISTDIR/$i.expected" ]; then 38 | echo "Could not find testdata $LISTDIR/$i.expected" 39 | exit 1 40 | fi 41 | 42 | echo "$TEST >$LISTDIR/$i.out" 43 | set -e 44 | "$TEST" >"$LISTDIR/$i.out" 45 | cmp "$LISTDIR/$i.expected" "$LISTDIR/$i.out" 46 | set +e 47 | done 48 | -------------------------------------------------------------------------------- /scripts/test_integration_edge.sh: -------------------------------------------------------------------------------- 1 | #!/bin/sh 2 | # 3 | # Do some quick tests via the Json API against the edge 4 | # 5 | 6 | AUTH=n2n 7 | 8 | # boilerplate so we can support whaky cmake dirs 9 | [ -z "$TOPDIR" ] && TOPDIR=. 10 | [ -z "$BINDIR" ] && BINDIR=. 11 | 12 | docmd() { 13 | echo "###" 14 | "$@" 15 | echo 16 | } 17 | 18 | # start a supernode 19 | docmd "${BINDIR}"/supernode -v 20 | 21 | # Start the edge in the background 22 | docmd sudo "${BINDIR}"/edge -l localhost:7654 -c test >/dev/null 23 | # TODO: 24 | # - send edge messages to stderr? 25 | 26 | # TODO: probe the api endpoint, waiting for both the supernode and edge to be 27 | # available? 
28 | sleep 0.1 29 | 30 | docmd "${TOPDIR}"/scripts/n2n-ctl communities 31 | docmd "${TOPDIR}"/scripts/n2n-ctl packetstats 32 | docmd "${TOPDIR}"/scripts/n2n-ctl edges --raw 33 | 34 | # TODO: 35 | # docmd ${TOPDIR}/scripts/n2n-ctl supernodes --raw 36 | # - need fixed mac address 37 | # - need to mask out: 38 | # - version string 39 | # - last_seen timestamp 40 | # - uptime 41 | 42 | docmd "${TOPDIR}"/scripts/n2n-ctl verbose 43 | docmd "${TOPDIR}"/scripts/n2n-ctl --write verbose 1 2>/dev/null 44 | echo $? 45 | docmd "${TOPDIR}"/scripts/n2n-ctl -k $AUTH --write verbose 1 46 | 47 | # looks strange, but we are querying the state of the "stop" verb 48 | docmd "${TOPDIR}"/scripts/n2n-ctl stop 49 | 50 | # stop them both 51 | docmd "${TOPDIR}"/scripts/n2n-ctl -k $AUTH --write stop 52 | docmd "${TOPDIR}"/scripts/n2n-ctl -t 5645 -k $AUTH --write stop 53 | 54 | -------------------------------------------------------------------------------- /scripts/test_integration_supernode.sh: -------------------------------------------------------------------------------- 1 | #!/bin/sh 2 | # 3 | # Do some quick tests via the Json API against the supernode 4 | # 5 | 6 | AUTH=n2n 7 | 8 | # boilerplate so we can support whaky cmake dirs 9 | [ -z "$TOPDIR" ] && TOPDIR=. 10 | [ -z "$BINDIR" ] && BINDIR=. 11 | 12 | docmd() { 13 | echo "###" 14 | "$@" 15 | echo 16 | } 17 | 18 | # start it running in the background 19 | docmd "${BINDIR}"/supernode -v 20 | 21 | # TODO: probe the api endpoint, waiting for the supernode to be available? 
22 | sleep 0.1 23 | 24 | docmd "${TOPDIR}"/scripts/n2n-ctl -t 5645 communities 25 | docmd "${TOPDIR}"/scripts/n2n-ctl -t 5645 packetstats 26 | docmd "${TOPDIR}"/scripts/n2n-ctl -t 5645 edges --raw 27 | 28 | docmd "${TOPDIR}"/scripts/n2n-ctl -t 5645 verbose 29 | docmd "${TOPDIR}"/scripts/n2n-ctl -t 5645 -k $AUTH --write verbose 1 30 | 31 | # looks strange, but we are querying the state of the "stop" verb 32 | docmd "${TOPDIR}"/scripts/n2n-ctl -t 5645 stop 33 | 34 | # stop it 35 | docmd "${TOPDIR}"/scripts/n2n-ctl -t 5645 -k $AUTH --write stop 36 | 37 | -------------------------------------------------------------------------------- /scripts/version.sh: -------------------------------------------------------------------------------- 1 | #!/bin/sh 2 | # 3 | # Output the current version number 4 | # 5 | 6 | usage() { 7 | echo "Usage: $0 [date|short|hash]" 8 | echo 9 | echo "Determine the correct version number for the current build" 10 | exit 0 11 | } 12 | 13 | # We assume this script is in the TOPDIR/scripts directory and use that 14 | # to find any other files we need 15 | TOPDIR=$(dirname "$0")/.. 
16 | 17 | VER_FILE_SHORT=$(cat "${TOPDIR}/VERSION") 18 | 19 | if [ -d "$TOPDIR/.git" ]; then 20 | # If there is a .git directory in our TOPDIR, then this is assumed to be 21 | # real git checkout 22 | 23 | cd "$TOPDIR" || exit 1 24 | 25 | VER_GIT_SHORT=$(git describe --abbrev=0) 26 | 27 | if [ "$VER_FILE_SHORT" != "$VER_GIT_SHORT" ]; then 28 | echo "Error: VERSION file does not match tag version ($VER_FILE_SHORT != $VER_GIT_SHORT)" 29 | exit 1 30 | fi 31 | 32 | VER_SHORT="$VER_GIT_SHORT" 33 | VER_HASH=$(git rev-parse --short HEAD) 34 | VER=$(git describe --abbrev=7 --dirty) 35 | DATE=$(git log -1 --format=%cd) 36 | else 37 | # If there is no .git directory in our TOPDIR, we fall back on relying on 38 | # the VERSION file 39 | 40 | VER_SHORT="$VER_FILE_SHORT" 41 | VER_HASH="HEAD" 42 | VER="$VER_FILE_SHORT" 43 | DATE=$(date) 44 | fi 45 | 46 | case "$1" in 47 | date) 48 | echo "$DATE" 49 | ;; 50 | hash) 51 | echo "$VER_HASH" 52 | ;; 53 | short) 54 | echo "$VER_SHORT" 55 | ;; 56 | "") 57 | echo "$VER" 58 | ;; 59 | *) 60 | usage 61 | ;; 62 | esac 63 | -------------------------------------------------------------------------------- /src/hexdump.c: -------------------------------------------------------------------------------- 1 | /** 2 | * (C) 2007-22 - ntop.org and contributors 3 | * 4 | * This program is free software; you can redistribute it and/or modify 5 | * it under the terms of the GNU General Public License as published by 6 | * the Free Software Foundation; either version 3 of the License, or 7 | * (at your option) any later version. 8 | * 9 | * This program is distributed in the hope that it will be useful, 10 | * but WITHOUT ANY WARRANTY; without even the implied warranty of 11 | * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the 12 | * GNU General Public License for more details. 
13 | * 14 | * You should have received a copy of the GNU General Public License 15 | * along with this program; if not see see 16 | * 17 | */ 18 | 19 | 20 | #include // for uint8_t 21 | #include // for fprintf, FILE 22 | #include "hexdump.h" // for fhexdump 23 | 24 | 25 | void fhexdump(unsigned int display_addr, void *in, int size, FILE *stream) { 26 | uint8_t *p = in; 27 | 28 | while(size>0) { 29 | int i; 30 | 31 | fprintf(stream, "%03x: ", display_addr); 32 | 33 | for (i = 0; i < 16; i++) { 34 | if (i < size) { 35 | fprintf(stream, "%02x", p[i]); 36 | } else { 37 | fprintf(stream, " "); 38 | } 39 | if (i==7) { 40 | fprintf(stream, " "); 41 | } else { 42 | fprintf(stream, " "); 43 | } 44 | } 45 | fprintf(stream, " |"); 46 | 47 | for (i = 0; i < 16; i++) { 48 | if (i < size) { 49 | char ch = p[i]; 50 | if (ch>=0x20 && ch<=0x7e) { 51 | fprintf(stream, "%c", ch); 52 | } else { 53 | fprintf(stream, " "); 54 | } 55 | } 56 | } 57 | fprintf(stream, "|\n"); 58 | 59 | size -= 16; 60 | display_addr += 16; 61 | p += 16; 62 | } 63 | } 64 | -------------------------------------------------------------------------------- /src/management.h: -------------------------------------------------------------------------------- 1 | /* 2 | * Internal interface definitions for the management interfaces 3 | * 4 | * This header is not part of the public library API and is thus not in 5 | * the public include folder 6 | */ 7 | 8 | #ifndef MANAGEMENT_H 9 | #define MANAGEMENT_H 1 10 | 11 | #include // For the n2n_edge_t and n2n_sn_t defs 12 | #include 13 | #include // for size_t 14 | #include // for uint64_t 15 | #include // for ssize_t 16 | #include "n2n_define.h" // for n2n_event_topic 17 | #include "strbuf.h" 18 | 19 | #ifdef _WIN32 20 | #include 21 | #else 22 | #include // for sockaddr, sockaddr_storage, socklen_t 23 | #endif 24 | 25 | enum n2n_mgmt_type { 26 | N2N_MGMT_UNKNOWN = 0, 27 | N2N_MGMT_READ = 1, 28 | N2N_MGMT_WRITE = 2, 29 | N2N_MGMT_SUB = 3, 30 | }; 31 | 32 | /* 33 | * 
Everything needed to reply to a request 34 | * 35 | * TODO: 36 | * - one day, we might be able to merge the sss and eee members 37 | * - once eee and sss are merged, some fields should migrate back into it: 38 | * - mgmt_sock 39 | * - keep_running 40 | * - mgmt_password_hash 41 | */ 42 | typedef struct mgmt_req { 43 | n2n_sn_t *sss; 44 | n2n_edge_t *eee; 45 | int mgmt_sock; // socket replies come from 46 | bool *keep_running; 47 | uint64_t mgmt_password_hash; 48 | enum n2n_mgmt_type type; 49 | char *argv0; 50 | char *argv; 51 | char tag[10]; 52 | socklen_t sock_len; 53 | union { 54 | struct sockaddr sender_sock; 55 | struct sockaddr_storage sas; // memory for the socket, actual socket can be longer than sockaddr 56 | }; 57 | } mgmt_req_t; 58 | 59 | /* 60 | * Read/Write handlers are defined in this structure 61 | * TODO: DRY 62 | */ 63 | #define FLAG_WROK 1 64 | typedef struct mgmt_handler { 65 | int flags; 66 | char *cmd; 67 | char *help; 68 | void (*func)(mgmt_req_t *req, strbuf_t *buf); 69 | } mgmt_handler_t; 70 | 71 | /* 72 | * Event topic names are defined in this structure 73 | */ 74 | typedef struct mgmt_events { 75 | enum n2n_event_topic topic; 76 | char *cmd; 77 | char *help; 78 | } mgmt_events_t; 79 | 80 | typedef size_t (mgmt_event_handler_t)(strbuf_t *buf, char *tag, int data0, void *data1); 81 | 82 | // Lookup the index of matching argv0 in a cmd list 83 | // store index in "Result", or -1 for not found 84 | #define lookup_handler(Result, list, argv0) do { \ 85 | int nr_max = sizeof(list) / sizeof(list[0]); \ 86 | for( Result=0; Result < nr_max; Result++ ) { \ 87 | if(0 == strcmp(list[Result].cmd, argv0)) { \ 88 | break; \ 89 | } \ 90 | } \ 91 | if( Result >= nr_max ) { \ 92 | Result = -1; \ 93 | } \ 94 | } while(0) 95 | 96 | ssize_t send_reply (mgmt_req_t *req, strbuf_t *buf, size_t msg_len); 97 | size_t gen_json_1str (strbuf_t *buf, char *tag, char *_type, char *key, char *val); 98 | size_t gen_json_1uint (strbuf_t *buf, char *tag, char *_type, char 
*key, unsigned int val); 99 | void send_json_1str (mgmt_req_t *req, strbuf_t *buf, char *_type, char *key, char *val); 100 | void send_json_1uint (mgmt_req_t *req, strbuf_t *buf, char *_type, char *key, unsigned int val); 101 | 102 | void mgmt_error (mgmt_req_t *req, strbuf_t *buf, char *msg); 103 | 104 | void mgmt_stop (mgmt_req_t *req, strbuf_t *buf); 105 | void mgmt_verbose (mgmt_req_t *req, strbuf_t *buf); 106 | void mgmt_unimplemented (mgmt_req_t *req, strbuf_t *buf); 107 | 108 | void mgmt_event_post2 (enum n2n_event_topic topic, int data0, void *data1, mgmt_req_t *debug, mgmt_req_t *sub, mgmt_event_handler_t fn); 109 | void mgmt_help_row (mgmt_req_t *req, strbuf_t *buf, char *cmd, char *help); 110 | void mgmt_help_events_row (mgmt_req_t *req, strbuf_t *buf, mgmt_req_t *sub, char *cmd, char *help); 111 | int mgmt_auth (mgmt_req_t *req, char *auth); 112 | bool mgmt_req_init2 (mgmt_req_t *req, strbuf_t *buf, char *cmdline); 113 | 114 | #endif 115 | -------------------------------------------------------------------------------- /src/strbuf.h: -------------------------------------------------------------------------------- 1 | /* 2 | * Internal interface definitions for the strbuf abstrction 3 | * 4 | * This header is not part of the public library API and is thus not in 5 | * the public include folder 6 | */ 7 | 8 | #ifndef STRBUF_H 9 | #define STRBUF_H 1 10 | 11 | typedef struct strbuf { 12 | size_t size; 13 | char str[]; 14 | } strbuf_t; 15 | 16 | // Initialise the strbuf pointer buf to point at the storage area p 17 | // of size buflen 18 | #define STRBUF_INIT(buf,p,buflen) do { \ 19 | buf = (void *)p; \ 20 | buf->size = buflen - sizeof(size_t); \ 21 | } while(0) 22 | 23 | 24 | #endif 25 | -------------------------------------------------------------------------------- /src/transform_lzo.c: -------------------------------------------------------------------------------- 1 | /** 2 | * (C) 2007-22 - ntop.org and contributors 3 | * 4 | * This program is free 
software; you can redistribute it and/or modify 5 | * it under the terms of the GNU General Public License as published by 6 | * the Free Software Foundation; either version 3 of the License, or 7 | * (at your option) any later version. 8 | * 9 | * This program is distributed in the hope that it will be useful, 10 | * but WITHOUT ANY WARRANTY; without even the implied warranty of 11 | * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the 12 | * GNU General Public License for more details. 13 | * 14 | * You should have received a copy of the GNU General Public License 15 | * along with this program; if not see see 16 | * 17 | */ 18 | 19 | 20 | #include // for uint8_t 21 | #include // for size_t, calloc, free, NULL 22 | #include // for memset 23 | #include // for time_t 24 | #include "minilzo.h" // for lzo1x_1_compress, lzo1x_decompress, LZO1X_1_M... 25 | #include "n2n.h" // for n2n_trans_op_t, TRACE_ERROR, traceEvent, N2N_... 26 | 27 | 28 | /* heap allocation for compression as per lzo example doc */ 29 | #define HEAP_ALLOC(var,size) lzo_align_t __LZO_MMODEL var [ ((size) + (sizeof(lzo_align_t) - 1)) / sizeof(lzo_align_t) ] 30 | 31 | 32 | typedef struct transop_lzo { 33 | HEAP_ALLOC(wrkmem, LZO1X_1_MEM_COMPRESS); 34 | } transop_lzo_t; 35 | 36 | 37 | static int transop_deinit_lzo (n2n_trans_op_t *arg) { 38 | 39 | transop_lzo_t *priv = (transop_lzo_t *)arg->priv; 40 | 41 | if(priv) 42 | free(priv); 43 | 44 | return 0; 45 | } 46 | 47 | 48 | // returns compressed packet length 49 | // returns 0 if error occured, the caller would have to use 50 | // original, i.e. 
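// uncompressed data then
//
// in_len above N2N_PKT_BUF_SIZE, or out_len below the worst-case output
// size in_len + in_len / 16 + 64 + 3, is rejected before compressing
static int transop_encode_lzo (n2n_trans_op_t *arg,
                               uint8_t *outbuf,
                               size_t out_len,
                               const uint8_t *inbuf,
                               size_t in_len,
                               const uint8_t *peer_mac) {

    transop_lzo_t *priv = (transop_lzo_t *)arg->priv;
    lzo_uint compression_len = 0;

    if(in_len > N2N_PKT_BUF_SIZE) {
        // size_t is cast for the "%lu" conversion ("%ul" printed an unsigned int followed by 'l')
        traceEvent(TRACE_ERROR, "encode_lzo inbuf wrong size (%lu) to compress", (unsigned long)in_len);
        return 0;
    }

    if(out_len < in_len + in_len / 16 + 64 + 3) {
        traceEvent(TRACE_ERROR, "encode_lzo outbuf too small (%lu) to compress inbuf (%lu)",
                   (unsigned long)out_len, (unsigned long)in_len);
        return 0;
    }

    if(lzo1x_1_compress(inbuf, in_len, outbuf, &compression_len, priv->wrkmem) != LZO_E_OK) {
        traceEvent(TRACE_ERROR, "encode_lzo compression error");
        compression_len = 0;
    }

    return compression_len;
}


// returns decompressed packet length
// returns 0 if inbuf is longer than N2N_PKT_BUF_SIZE, if the data does not
// decompress cleanly, or if the result would not fit into outbuf
//
// NOTE(review): inbuf is presumably payload received from a peer, so its
// content must not be able to decide how many bytes get written to outbuf
static int transop_decode_lzo (n2n_trans_op_t *arg,
                               uint8_t *outbuf,
                               size_t out_len,
                               const uint8_t *inbuf,
                               size_t in_len,
                               const uint8_t *peer_mac) {

    // lzo1x_decompress_safe() reads this as the space available in outbuf and
    // overwrites it with the number of bytes produced; lzo1x_decompress()
    // ignored the limit, so the size check after the call came too late
    lzo_uint deflated_len = (out_len < N2N_PKT_BUF_SIZE) ? out_len : N2N_PKT_BUF_SIZE;

    if(in_len > N2N_PKT_BUF_SIZE) {
        traceEvent(TRACE_ERROR, "decode_lzo inbuf wrong size (%lu) to decompress", (unsigned long)in_len);
        return 0;
    }

    // a truncated or malformed stream, or one that expands beyond
    // deflated_len, is reported through the return code
    if(lzo1x_decompress_safe(inbuf, in_len, outbuf, &deflated_len, NULL) != LZO_E_OK) {
        traceEvent(TRACE_ERROR, "decode_lzo decompression error");
        return 0;
    }

    return deflated_len;
}


static void transop_tick_lzo (n2n_trans_op_t *arg, time_t now) {

    // no tick action
}


// lzo initialization function
int n2n_transop_lzo_init (const n2n_edge_conf_t *conf, n2n_trans_op_t *ttt) {

    transop_lzo_t *priv;

    memset(ttt, 0, sizeof(*ttt));
    ttt->transform_id = N2N_COMPRESSION_ID_LZO;

    ttt->tick = transop_tick_lzo;
    ttt->deinit =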
transop_deinit_lzo; 122 | ttt->fwd = transop_encode_lzo; 123 | ttt->rev = transop_decode_lzo; 124 | 125 | priv = (transop_lzo_t*)calloc(1, sizeof(transop_lzo_t)); 126 | if(!priv) { 127 | traceEvent(TRACE_ERROR, "lzo_init cannot allocate transop_lzo memory"); 128 | return -1; 129 | } 130 | ttt->priv = priv; 131 | 132 | if(lzo_init() != LZO_E_OK) { 133 | traceEvent(TRACE_ERROR, "lzo_init cannot init lzo compression"); 134 | return -1; 135 | } 136 | 137 | return 0; 138 | } 139 | -------------------------------------------------------------------------------- /src/transform_null.c: -------------------------------------------------------------------------------- 1 | /** 2 | * (C) 2007-22 - ntop.org and contributors 3 | * 4 | * This program is free software; you can redistribute it and/or modify 5 | * it under the terms of the GNU General Public License as published by 6 | * the Free Software Foundation; either version 3 of the License, or 7 | * (at your option) any later version. 8 | * 9 | * This program is distributed in the hope that it will be useful, 10 | * but WITHOUT ANY WARRANTY; without even the implied warranty of 11 | * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the 12 | * GNU General Public License for more details. 13 | * 14 | * You should have received a copy of the GNU General Public License 15 | * along with this program; if not see see 16 | * 17 | */ 18 | 19 | 20 | #include // for uint8_t 21 | #include // for memcpy, size_t, memset 22 | #include // for time_t 23 | #include "n2n.h" // for n2n_trans_op_t, TRACE_DEBUG, traceEvent, N2N_... 
24 | 25 | 26 | static int transop_deinit_null (n2n_trans_op_t *arg ) { 27 | 28 | // nothing to deallocate, nothing to release 29 | 30 | return 0; 31 | } 32 | 33 | 34 | static int transop_encode_null (n2n_trans_op_t *arg, 35 | uint8_t *outbuf, 36 | size_t out_len, 37 | const uint8_t *inbuf, 38 | size_t in_len, 39 | const uint8_t *peer_mac) { 40 | 41 | int retval = -1; 42 | 43 | traceEvent(TRACE_DEBUG, "encode_null %lu", in_len); 44 | if(out_len >= in_len) { 45 | memcpy(outbuf, inbuf, in_len); 46 | retval = in_len; 47 | } else { 48 | traceEvent(TRACE_DEBUG, "encode_null %lu too big for packet buffer", in_len); 49 | } 50 | 51 | return retval; 52 | } 53 | 54 | 55 | static int transop_decode_null (n2n_trans_op_t *arg, 56 | uint8_t *outbuf, 57 | size_t out_len, 58 | const uint8_t *inbuf, 59 | size_t in_len, 60 | const uint8_t *peer_mac) { 61 | 62 | int retval = -1; 63 | 64 | traceEvent(TRACE_DEBUG, "decode_null %lu", in_len); 65 | if(out_len >= in_len) { 66 | memcpy(outbuf, inbuf, in_len); 67 | retval = in_len; 68 | } else { 69 | traceEvent(TRACE_DEBUG, "decode_null %lu too big for packet buffer", in_len); 70 | } 71 | 72 | return retval; 73 | } 74 | 75 | 76 | static void transop_tick_null (n2n_trans_op_t *arg, time_t now) { 77 | 78 | // no tick action 79 | } 80 | 81 | 82 | int n2n_transop_null_init (const n2n_edge_conf_t *conf, n2n_trans_op_t *ttt) { 83 | 84 | memset(ttt, 0, sizeof(n2n_trans_op_t)); 85 | 86 | ttt->transform_id = N2N_TRANSFORM_ID_NULL; 87 | ttt->no_encryption = 1; 88 | ttt->deinit = transop_deinit_null; 89 | ttt->tick = transop_tick_null; 90 | ttt->fwd = transop_encode_null; 91 | ttt->rev = transop_decode_null; 92 | 93 | return 0; 94 | } 95 | -------------------------------------------------------------------------------- /src/transform_zstd.c: -------------------------------------------------------------------------------- 1 | /** 2 | * (C) 2007-22 - ntop.org and contributors 3 | * 4 | * This program is free software; you can redistribute it and/or 
modify 5 | * it under the terms of the GNU General Public License as published by 6 | * the Free Software Foundation; either version 3 of the License, or 7 | * (at your option) any later version. 8 | * 9 | * This program is distributed in the hope that it will be useful, 10 | * but WITHOUT ANY WARRANTY; without even the implied warranty of 11 | * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the 12 | * GNU General Public License for more details. 13 | * 14 | * You should have received a copy of the GNU General Public License 15 | * along with this program; if not see see 16 | * 17 | */ 18 | 19 | 20 | #include "config.h" // for HAVE_ZSTD 21 | 22 | 23 | #ifdef HAVE_ZSTD 24 | 25 | 26 | #include "n2n.h" 27 | 28 | 29 | typedef struct transop_zstd { 30 | // no local data 31 | } transop_zstd_t; 32 | 33 | 34 | static int transop_deinit_zstd (n2n_trans_op_t *arg) { 35 | 36 | transop_zstd_t *priv = (transop_zstd_t *)arg->priv; 37 | 38 | if(priv) 39 | free(priv); 40 | 41 | return 0; 42 | } 43 | 44 | 45 | // returns compressed packet length 46 | // returns 0 if error occured, the caller would have to use 47 | // original, i.e. 
uncompressed data then 48 | static int transop_encode_zstd (n2n_trans_op_t *arg, 49 | uint8_t *outbuf, 50 | size_t out_len, 51 | const uint8_t *inbuf, 52 | size_t in_len, 53 | const uint8_t *peer_mac) { 54 | 55 | /* transop_zstd_t *priv = (transop_zstd_t *)arg->priv; */ 56 | int32_t compression_len = 0; 57 | 58 | if(in_len > N2N_PKT_BUF_SIZE) { 59 | traceEvent(TRACE_ERROR, "encode_zstd inbuf wrong size (%ul) to compress", in_len); 60 | return 0; 61 | } 62 | 63 | if(out_len < in_len + 128) { // 128 leaves enough room, 64 | // for exact size call 65 | // ZSTD_compressBound(in_len) 66 | // which is slower 67 | traceEvent(TRACE_ERROR, "encode_zstd outbuf too small (%ul) to compress inbuf (%ul)", 68 | out_len, in_len); 69 | return 0; 70 | } 71 | 72 | compression_len = ZSTD_compress(outbuf, out_len, inbuf, in_len, ZSTD_COMPRESSION_LEVEL); 73 | if(ZSTD_isError(compression_len)) { 74 | traceEvent(TRACE_ERROR, "payload compression failed with zstd error '%s'", 75 | ZSTD_getErrorName(compression_len)); 76 | // we do no return the error code to the caller, just return 0 len 77 | // so, any further specific error handling would have to happen right here 78 | compression_len = 0; 79 | } 80 | 81 | return compression_len; 82 | } 83 | 84 | 85 | static int transop_decode_zstd (n2n_trans_op_t *arg, 86 | uint8_t *outbuf, 87 | size_t out_len, 88 | const uint8_t *inbuf, 89 | size_t in_len, 90 | const uint8_t *peer_mac) { 91 | 92 | int32_t deflated_len = 0; 93 | 94 | if(in_len > N2N_PKT_BUF_SIZE) { 95 | traceEvent(TRACE_ERROR, "decode_zstd inbuf wrong size (%ul) to decompress", in_len); 96 | return 0; 97 | } 98 | 99 | deflated_len = ZSTD_decompress(outbuf, out_len, inbuf, in_len); 100 | 101 | if(ZSTD_isError(deflated_len)) { 102 | traceEvent(TRACE_WARNING, "payload decompression failed with zstd error '%s'", 103 | ZSTD_getErrorName(deflated_len)); 104 | return 0; // cannot help it 105 | } 106 | 107 | // we should have noticed by memory break or ZSTD complaining about a too small of an 
out_len 108 | if(deflated_len > N2N_PKT_BUF_SIZE) { 109 | traceEvent(TRACE_ERROR, "decode_zstd outbuf wrong size (%ul) decompressed", deflated_len); 110 | return 0; 111 | } 112 | 113 | return deflated_len; 114 | } 115 | 116 | 117 | static void transop_tick_zstd (n2n_trans_op_t *arg, time_t now) { 118 | 119 | // no tick action 120 | } 121 | 122 | 123 | // zstd initialization function 124 | int n2n_transop_zstd_init (const n2n_edge_conf_t *conf, n2n_trans_op_t *ttt) { 125 | 126 | transop_zstd_t *priv; 127 | 128 | memset(ttt, 0, sizeof(*ttt)); 129 | ttt->transform_id = N2N_COMPRESSION_ID_ZSTD; 130 | 131 | ttt->tick = transop_tick_zstd; 132 | ttt->deinit = transop_deinit_zstd; 133 | ttt->fwd = transop_encode_zstd; 134 | ttt->rev = transop_decode_zstd; 135 | 136 | priv = (transop_zstd_t*)calloc(1, sizeof(transop_zstd_t)); 137 | if(!priv) { 138 | traceEvent(TRACE_ERROR, "zstd_init cannot allocate transop_zstd memory"); 139 | return -1; 140 | } 141 | ttt->priv = priv; 142 | 143 | // zstd does not require initialization 144 | // if it requires one day, this is the place to do it and eventually throw an error 145 | // (see 'transform_lzo.c') 146 | 147 | return 0; 148 | } 149 | 150 | 151 | #endif // HAVE_ZSTD 152 | -------------------------------------------------------------------------------- /src/tuntap_freebsd.c: -------------------------------------------------------------------------------- 1 | /** 2 | * (C) 2007-22 - ntop.org and contributors 3 | * 4 | * This program is free software; you can redistribute it and/or modify 5 | * it under the terms of the GNU General Public License as published by 6 | * the Free Software Foundation; either version 3 of the License, or 7 | * (at your option) any later version. 8 | * 9 | * This program is distributed in the hope that it will be useful, 10 | * but WITHOUT ANY WARRANTY; without even the implied warranty of 11 | * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the 12 | * GNU General Public License for more details. 
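13 | * 14 | * You should have received a copy of the GNU General Public License 15 | * along with this program; if not see see 16 | * 17 | */ 18 | 19 | 20 | #include // for open. O_RDWR 21 | #include "n2n.h" 22 | 23 | 
#ifdef __FreeBSD__


#define N2N_FREEBSD_TAPDEVICE_SIZE 32


void tuntap_close (tuntap_dev *device);


// Returns 1 if s is non-empty and consists only of hex digits, '.' and ':',
// i.e. the characters of a dotted IPv4 address, a netmask or a MAC address.
// tuntap_open() interpolates these strings into command lines passed to
// system(), so anything else (spaces, ';', '|', '$', quotes, ...) is refused.
static int tuntap_arg_is_safe (const char *s) {

    if(!s || s[0] == '\0')
        return 0;

    for(; *s != '\0'; s++) {
        char ch = *s;
        int ok = (ch >= '0' && ch <= '9')
              || (ch >= 'a' && ch <= 'f')
              || (ch >= 'A' && ch <= 'F')
              || ch == '.' || ch == ':';
        if(!ok)
            return 0;
    }

    return 1;
}


// Opens the first available /dev/tapN (N = 0..254), configures it through
// ifconfig and reads back its MAC address into device->mac_addr.
// dev, address_mode and the last parameter are not used by this variant.
// Returns the tap file descriptor, or -1 on failure.
//
// NOTE(review): the NetBSD and macOS variants of tuntap_open build their
// ifconfig command lines from the same unchecked strings.
int tuntap_open (tuntap_dev *device /* ignored */,
                 char *dev,
                 const char *address_mode, /* static or dhcp */
                 char *device_ip,
                 char *device_mask,
                 const char * device_mac,
                 int mtu,
                 int ignored) {

    int i;
    char tap_device[N2N_FREEBSD_TAPDEVICE_SIZE];
    char buf[256];
    FILE *fd;
    unsigned int a, b, c, d, e, f;

    // refuse configuration values that would change the meaning of the
    // shell commands assembled below
    if(!tuntap_arg_is_safe(device_ip) || !tuntap_arg_is_safe(device_mask)) {
        traceEvent(TRACE_ERROR, "Invalid characters in tap device address or netmask");
        return -1;
    }
    if(device_mac && device_mac[0] != '\0' && !tuntap_arg_is_safe(device_mac)) {
        traceEvent(TRACE_ERROR, "Invalid characters in tap device MAC address");
        return -1;
    }

    device->fd = -1;
    for(i = 0; i < 255; i++) {
        snprintf(tap_device, sizeof(tap_device), "/dev/tap%d", i);

        device->fd = open(tap_device, O_RDWR);
        // 0 is a valid descriptor, only negative values signal failure
        if(device->fd >= 0) {
            traceEvent(TRACE_NORMAL, "Succesfully open %s", tap_device);
            break;
        }
    }

    if(device->fd < 0) {
        traceEvent(TRACE_ERROR, "Unable to open tap device");
        return -1;
    }

    device->ip_addr = inet_addr(device_ip);

    if(device_mac && device_mac[0] != '\0') {
        // FIXME - this is not tested, might be wrong syntax for OS X

        // set the hw address before bringing the if up
        snprintf(buf, sizeof(buf), "ifconfig tap%d ether %s", i, device_mac);
        system(buf);
    }

    snprintf(buf, sizeof(buf), "ifconfig tap%d %s netmask %s mtu %d up", i, device_ip, device_mask, mtu);
    system(buf);

    traceEvent(TRACE_NORMAL, "Interface tap%d up and running (%s/%s)", i, device_ip, device_mask);

    // read MAC address
    snprintf(buf, sizeof(buf), "ifconfig tap%d |grep ether|cut -c 8-24", i);
    // traceEvent(TRACE_INFO, "%s", buf);

    fd = popen(buf, "r");
    // popen() reports failure with NULL; a pointer never compares below zero
    if(fd == NULL) {
        tuntap_close(device);
        return -1;
    }

    buf[0] = 0;
    fgets(buf, sizeof(buf), fd);
    pclose(fd);

    if(buf[0] == '\0') {
        // the format expects the tap index, which was previously not passed
        traceEvent(TRACE_ERROR, "Unable to read tap%d interface MAC address", i);
        // NOTE(review): terminates with status 0 although this is an error path
        exit(0);
    }

    traceEvent(TRACE_NORMAL, "Interface tap%d mac %s", i, buf);
    if(sscanf(buf, "%02x:%02x:%02x:%02x:%02x:%02x", &a, &b, &c, &d, &e, &f) == 6) {
        device->mac_addr[0] = a, device->mac_addr[1] = b;
        device->mac_addr[2] = c, device->mac_addr[3] = d;
        device->mac_addr[4] = e, device->mac_addr[5] = f;
    }

    // read_mac(dev, device->mac_addr);

    return device->fd;
}


// Reads up to len bytes from the tap descriptor into buf; returns read()'s result.
int tuntap_read (struct tuntap_dev *tuntap, unsigned char *buf, int len) {

    return read(tuntap->fd, buf, len);
}


// Writes len bytes from buf to the tap descriptor; returns write()'s result.
int tuntap_write (struct tuntap_dev *tuntap, unsigned char *buf, int len) {

    return write(tuntap->fd, buf, len);
}


// Closes the tap descriptor.
void tuntap_close (struct tuntap_dev *tuntap) {

    close(tuntap->fd);
}


// fill out the ip_addr value from the interface, called to pick up dynamic address changes
void tuntap_get_address (struct tuntap_dev *tuntap) {

    // no action
}


#endif /* #ifdef __FreeBSD__ */
139 | -------------------------------------------------------------------------------- /src/tuntap_netbsd.c: -------------------------------------------------------------------------------- 1 | /** 2 | * (C) 2007-22 - ntop.org and contributors 3 | * 4 | * This program is free software; you can redistribute it and/or modify 5 | * it under the terms of the GNU General Public License as published by 6 | * the Free Software Foundation; either version 3 of the License, or 7 | * (at your option) any later version. 8 | * 9 | * This program is distributed in the hope that it will be useful, 10 | * but WITHOUT ANY WARRANTY; without even the implied warranty of 11 | * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 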
See the 12 | * GNU General Public License for more details. 13 | * 14 | * You should have received a copy of the GNU General Public License 15 | * along with this program; if not see see 16 | * 17 | */ 18 | 19 | 20 | #include "n2n.h" 21 | 22 | 23 | #ifdef __NetBSD__ 24 | 25 | 26 | #include 27 | #include 28 | #include 29 | 30 | 31 | #define N2N_NETBSD_TAPDEVICE_SIZE 32 32 | 33 | 34 | void tun_close (tuntap_dev *device); 35 | 36 | 37 | int tuntap_open (tuntap_dev *device /* ignored */, 38 | char *dev, 39 | const char *address_mode, /* static or dhcp */ 40 | char *device_ip, 41 | char *device_mask, 42 | const char * device_mac, 43 | int mtu, 44 | int ignored) { 45 | 46 | char tap_device[N2N_NETBSD_TAPDEVICE_SIZE]; 47 | struct ifreq req; 48 | 49 | if(dev) { 50 | snprintf(tap_device, sizeof(tap_device), "/dev/%s", dev); 51 | device->fd = open(tap_device, O_RDWR); 52 | snprintf(tap_device, sizeof(tap_device), "%s", dev); 53 | } else { 54 | device->fd = open("/dev/tap", O_RDWR); 55 | if(device->fd >= 0) { 56 | if(ioctl(device->fd, TAPGIFNAME, &req) == -1) { 57 | traceEvent(TRACE_ERROR, "Unable to obtain name of tap device (%s)", strerror(errno)); 58 | close(device->fd); 59 | return -1; 60 | } else { 61 | snprintf(tap_device, sizeof(tap_device), req.ifr_name); 62 | } 63 | } 64 | } 65 | 66 | if(device->fd < 0) { 67 | traceEvent(TRACE_ERROR, "Unable to open tap device (%s)", strerror(errno)); 68 | return -1; 69 | } else { 70 | char cmd[256]; 71 | FILE *fd; 72 | 73 | traceEvent(TRACE_NORMAL, "Succesfully open %s", tap_device); 74 | 75 | device->ip_addr = inet_addr(device_ip); 76 | 77 | if(device_mac && device_mac[0] != '\0') { 78 | // set the hw address before bringing the if up 79 | snprintf(cmd, sizeof(cmd), "ifconfig %s link %s active", tap_device, device_mac); 80 | system(cmd); 81 | } 82 | 83 | snprintf(cmd, sizeof(cmd), "ifconfig %s %s netmask %s mtu %d up", tap_device, device_ip, device_mask, mtu); 84 | system(cmd); 85 | 86 | traceEvent(TRACE_NORMAL, "Interface %s up 
and running (%s/%s)", tap_device, device_ip, device_mask); 87 | 88 | // read MAC address 89 | snprintf(cmd, sizeof(cmd), "ifconfig %s |grep address|cut -c 11-28", tap_device); 90 | // traceEvent(TRACE_INFO, "%s", cmd); 91 | 92 | fd = popen(cmd, "r"); 93 | if(fd < 0) { 94 | tun_close(device); 95 | return -1; 96 | } else { 97 | int a, b, c, d, e, f; 98 | char buf[256]; 99 | 100 | buf[0] = 0; 101 | fgets(buf, sizeof(buf), fd); 102 | pclose(fd); 103 | 104 | if(buf[0] == '\0') { 105 | traceEvent(TRACE_ERROR, "Unable to read %s interface MAC address [%s]", tap_device, cmd); 106 | exit(0); 107 | } 108 | 109 | traceEvent(TRACE_NORMAL, "Interface %s mac %s", tap_device, buf); 110 | if(sscanf(buf, "%02x:%02x:%02x:%02x:%02x:%02x", &a, &b, &c, &d, &e, &f) == 6) { 111 | device->mac_addr[0] = a, device->mac_addr[1] = b; 112 | device->mac_addr[2] = c, device->mac_addr[3] = d; 113 | device->mac_addr[4] = e, device->mac_addr[5] = f; 114 | } 115 | } 116 | } 117 | 118 | // read_mac(dev, device->mac_addr); 119 | 120 | return(device->fd); 121 | } 122 | 123 | 124 | int tuntap_read (struct tuntap_dev *tuntap, unsigned char *buf, int len) { 125 | 126 | return(read(tuntap->fd, buf, len)); 127 | } 128 | 129 | 130 | int tuntap_write (struct tuntap_dev *tuntap, unsigned char *buf, int len) { 131 | 132 | return(write(tuntap->fd, buf, len)); 133 | } 134 | 135 | 136 | void tuntap_close (struct tuntap_dev *tuntap) { 137 | 138 | close(tuntap->fd); 139 | } 140 | 141 | 142 | // fill out the ip_addr value from the interface, called to pick up dynamic address changes 143 | void tuntap_get_address (struct tuntap_dev *tuntap) { 144 | 145 | // no action 146 | } 147 | 148 | 149 | #endif /* #ifdef __NetBSD__ */ 150 | -------------------------------------------------------------------------------- /src/tuntap_osx.c: -------------------------------------------------------------------------------- 1 | /** 2 | * (C) 2007-22 - ntop.org and contributors 3 | * 4 | * This program is free software; you can 
redistribute it and/or modify 5 | * it under the terms of the GNU General Public License as published by 6 | * the Free Software Foundation; either version 3 of the License, or 7 | * (at your option) any later version. 8 | * 9 | * This program is distributed in the hope that it will be useful, 10 | * but WITHOUT ANY WARRANTY; without even the implied warranty of 11 | * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the 12 | * GNU General Public License for more details. 13 | * 14 | * You should have received a copy of the GNU General Public License 15 | * along with this program; if not see see 16 | * 17 | */ 18 | 19 | 20 | #include 21 | #include "n2n.h" 22 | 23 | 24 | #ifdef __APPLE__ 25 | 26 | 27 | #define N2N_OSX_TAPDEVICE_SIZE 32 28 | 29 | 30 | void tun_close (tuntap_dev *device); 31 | 32 | 33 | int tuntap_open (tuntap_dev *device /* ignored */, 34 | char *dev, 35 | const char *address_mode, /* static or dhcp */ 36 | char *device_ip, 37 | char *device_mask, 38 | const char * device_mac, 39 | int mtu, 40 | int ignored) { 41 | 42 | int i; 43 | char tap_device[N2N_OSX_TAPDEVICE_SIZE]; 44 | 45 | for(i = 0; i < 255; i++) { 46 | snprintf(tap_device, sizeof(tap_device), "/dev/tap%d", i); 47 | 48 | device->fd = open(tap_device, O_RDWR); 49 | if(device->fd > 0) { 50 | traceEvent(TRACE_NORMAL, "Succesfully open %s", tap_device); 51 | break; 52 | } 53 | } 54 | 55 | if(device->fd < 0) { 56 | traceEvent(TRACE_ERROR, "Unable to open any tap devices /dev/tap0 through /dev/tap254. Is this user properly authorized to access those descriptors?"); 57 | traceEvent(TRACE_ERROR, "Please read https://github.com/ntop/n2n/blob/dev/doc/Building.md"); 58 | return -1; 59 | } else { 60 | char buf[256]; 61 | FILE *fd; 62 | 63 | device->ip_addr = inet_addr(device_ip); 64 | 65 | if(device_mac && device_mac[0] != '\0') { 66 | // FIXME - this is not tested. 
might be wrong syntax for OS X 67 | // set the hw address before bringing the if up 68 | snprintf(buf, sizeof(buf), "ifconfig tap%d ether %s", i, device_mac); 69 | system(buf); 70 | } 71 | 72 | snprintf(buf, sizeof(buf), "ifconfig tap%d %s netmask %s mtu %d up", i, device_ip, device_mask, mtu); 73 | system(buf); 74 | 75 | traceEvent(TRACE_NORMAL, "Interface tap%d up and running (%s/%s)", i, device_ip, device_mask); 76 | 77 | // read MAC address 78 | snprintf(buf, sizeof(buf), "ifconfig tap%d |grep ether|cut -c 8-24", i); 79 | // traceEvent(TRACE_INFO, "%s", buf); 80 | 81 | fd = popen(buf, "r"); 82 | if(fd < 0) { 83 | tuntap_close(device); 84 | return -1; 85 | } else { 86 | int a, b, c, d, e, f; 87 | 88 | buf[0] = 0; 89 | fgets(buf, sizeof(buf), fd); 90 | pclose(fd); 91 | 92 | if(buf[0] == '\0') { 93 | traceEvent(TRACE_ERROR, "Unable to read tap%d interface MAC address"); 94 | exit(0); 95 | } 96 | 97 | traceEvent(TRACE_NORMAL, "Interface tap%d [MTU %d] mac %s", i, mtu, buf); 98 | if(sscanf(buf, "%02x:%02x:%02x:%02x:%02x:%02x", &a, &b, &c, &d, &e, &f) == 6) { 99 | device->mac_addr[0] = a, device->mac_addr[1] = b; 100 | device->mac_addr[2] = c, device->mac_addr[3] = d; 101 | device->mac_addr[4] = e, device->mac_addr[5] = f; 102 | } 103 | } 104 | } 105 | 106 | // read_mac(dev, device->mac_addr); 107 | 108 | return(device->fd); 109 | } 110 | 111 | 112 | int tuntap_read (struct tuntap_dev *tuntap, unsigned char *buf, int len) { 113 | 114 | return(read(tuntap->fd, buf, len)); 115 | } 116 | 117 | 118 | int tuntap_write (struct tuntap_dev *tuntap, unsigned char *buf, int len) { 119 | 120 | return(write(tuntap->fd, buf, len)); 121 | } 122 | 123 | 124 | void tuntap_close (struct tuntap_dev *tuntap) { 125 | 126 | close(tuntap->fd); 127 | } 128 | 129 | // fill out the ip_addr value from the interface, called to pick up dynamic address changes 130 | void tuntap_get_address (struct tuntap_dev *tuntap) { 131 | 132 | // no action 133 | } 134 | 135 | 136 | #endif /* __APPLE__ */ 137 
| -------------------------------------------------------------------------------- /src/win32/DotNet/n2n.sln: -------------------------------------------------------------------------------- 1 |  2 | Microsoft Visual Studio Solution File, Format Version 10.00 3 | # Visual C++ Express 2008 4 | Project("{8BC9CEB8-8B4A-11D0-8D11-00A0C91BC942}") = "edge", "n2n.vcproj", "{4911ADD4-08A3-4C9F-B9C9-9492DA10D01D}" 5 | EndProject 6 | Project("{8BC9CEB8-8B4A-11D0-8D11-00A0C91BC942}") = "supernode", "supernode.vcproj", "{BDB93CAB-BE22-4ED6-9A05-2E4D6F1D76E1}" 7 | EndProject 8 | Global 9 | GlobalSection(SolutionConfigurationPlatforms) = preSolution 10 | Debug|Win32 = Debug|Win32 11 | Release|Win32 = Release|Win32 12 | EndGlobalSection 13 | GlobalSection(ProjectConfigurationPlatforms) = postSolution 14 | {4911ADD4-08A3-4C9F-B9C9-9492DA10D01D}.Debug|Win32.ActiveCfg = Debug|Win32 15 | {4911ADD4-08A3-4C9F-B9C9-9492DA10D01D}.Debug|Win32.Build.0 = Debug|Win32 16 | {4911ADD4-08A3-4C9F-B9C9-9492DA10D01D}.Release|Win32.ActiveCfg = Release|Win32 17 | {4911ADD4-08A3-4C9F-B9C9-9492DA10D01D}.Release|Win32.Build.0 = Release|Win32 18 | {BDB93CAB-BE22-4ED6-9A05-2E4D6F1D76E1}.Debug|Win32.ActiveCfg = Debug|Win32 19 | {BDB93CAB-BE22-4ED6-9A05-2E4D6F1D76E1}.Debug|Win32.Build.0 = Debug|Win32 20 | {BDB93CAB-BE22-4ED6-9A05-2E4D6F1D76E1}.Release|Win32.ActiveCfg = Release|Win32 21 | {BDB93CAB-BE22-4ED6-9A05-2E4D6F1D76E1}.Release|Win32.Build.0 = Release|Win32 22 | EndGlobalSection 23 | GlobalSection(SolutionProperties) = preSolution 24 | HideSolutionNode = FALSE 25 | EndGlobalSection 26 | EndGlobal 27 | -------------------------------------------------------------------------------- /src/win32/DotNet/n2n.suo: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ntop/n2n/23e5160fc87b2f2c5bb3e5d6f2ff952e056084d3/src/win32/DotNet/n2n.suo -------------------------------------------------------------------------------- /src/win32/defs.h: 
-------------------------------------------------------------------------------- 1 | /* 2 | * Basic definitions needed for any windows compile 3 | * 4 | */ 5 | 6 | #ifndef _WIN32_DEFS_H_ 7 | #define _WIN32_DEFS_H_ 8 | 9 | #ifndef _CRT_SECURE_NO_WARNINGS 10 | #define _CRT_SECURE_NO_WARNINGS 11 | #endif 12 | 13 | #define WIN32_LEAN_AND_MEAN 14 | 15 | #ifndef _WIN64 16 | /* needs to be defined before winsock gets included */ 17 | #undef _WIN32_WINNT 18 | #define _WIN32_WINNT 0x501 19 | 20 | const char *subst_inet_ntop (int, const void *, char *, int); 21 | #define inet_ntop subst_inet_ntop 22 | #endif 23 | 24 | #include 25 | #include 26 | 27 | #endif 28 | -------------------------------------------------------------------------------- /src/win32/edge.manifest: -------------------------------------------------------------------------------- 1 | 2 | 3 | 4 | 5 | 6 | 7 | 8 | 9 | 10 | 11 | -------------------------------------------------------------------------------- /src/win32/edge.rc: -------------------------------------------------------------------------------- 1 | // https://www.transmissionzero.co.uk/computing/win32-apps-with-mingw/ 2 | // ID_MANIFEST RT_MANIFEST "edge.manifest" 3 | 1 24 "edge.manifest" -------------------------------------------------------------------------------- /src/win32/edge_utils_win32.h: -------------------------------------------------------------------------------- 1 | /** 2 | * (C) 2007-22 - ntop.org and contributors 3 | * 4 | * This program is free software; you can redistribute it and/or modify 5 | * it under the terms of the GNU General Public License as published by 6 | * the Free Software Foundation; either version 3 of the License, or 7 | * (at your option) any later version. 8 | * 9 | * This program is distributed in the hope that it will be useful, 10 | * but WITHOUT ANY WARRANTY; without even the implied warranty of 11 | * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the 12 | * GNU General Public License for more details. 13 | * 14 | * You should have received a copy of the GNU General Public License 15 | * along with this program; if not see see 16 | * 17 | */ 18 | 19 | #ifndef _EDGE_UTILS_WIN32_H_ 20 | #define _EDGE_UTILS_WIN32_H_ 21 | 22 | #include 23 | 24 | 25 | /* Multicast peers discovery disabled due to https://github.com/ntop/n2n/issues/65 */ 26 | 27 | /* Currently, multicast is performed by specifying the default routing network adapter. 28 | * If the solution is determined to be stable and effective, 29 | * all macro definitions "SKIP_MULTICAST_PEERS_DISCOVERY" will be completely deleted in the future. 30 | */ 31 | //#define SKIP_MULTICAST_PEERS_DISCOVERY 32 | 33 | // TODO: this struct is pretty empty now, collapse it to just n2n_edge_t ? 34 | struct tunread_arg { 35 | n2n_edge_t *eee; 36 | }; 37 | 38 | extern HANDLE startTunReadThread (struct tunread_arg *arg); 39 | int get_best_interface_ip (n2n_edge_t * eee, dec_ip_str_t *ip_addr); 40 | 41 | 42 | #endif /* _EDGE_UTILS_WIN32_H_ */ 43 | 44 | -------------------------------------------------------------------------------- /src/win32/n2n_win32.h: -------------------------------------------------------------------------------- 1 | /* 2 | 3 | (C) 2007-22 - Luca Deri 4 | 5 | */ 6 | 7 | #ifndef _N2N_WIN32_H_ 8 | #define _N2N_WIN32_H_ 9 | 10 | #include 11 | #include 12 | #include 13 | #include 14 | #if defined(_MSC_VER) 15 | #include 16 | #pragma comment(lib,"Iphlpapi.lib") 17 | #endif 18 | #include 19 | #include 20 | #include 21 | 22 | 23 | #include "wintap.h" 24 | 25 | #undef EAFNOSUPPORT 26 | #define EAFNOSUPPORT WSAEAFNOSUPPORT 27 | #define MAX(a,b) (a > b ? a : b) 28 | #define MIN(a,b) (a < b ? 
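a : b)

#define snprintf _snprintf
#define strdup _strdup

#define socklen_t int


/* ************************************* */

/* IPv4 header layout for Windows builds */
struct ip {
#if BYTE_ORDER == LITTLE_ENDIAN
    u_char ip_hl:4,                 /* header length */
           ip_v:4;                  /* version */
#else
    u_char ip_v:4,                  /* version */
           ip_hl:4;                 /* header length */
#endif
    u_char ip_tos;                  /* type of service */
    short ip_len;                   /* total length */
    u_short ip_id;                  /* identification */
    short ip_off;                   /* fragment offset field */
#define IP_DF 0x4000                /* dont fragment flag */
#define IP_MF 0x2000                /* more fragments flag */
#define IP_OFFMASK 0x1fff           /* mask for fragmenting bits */
    u_char ip_ttl;                  /* time to live */
    u_char ip_p;                    /* protocol */
    u_short ip_sum;                 /* checksum */
    struct in_addr ip_src,ip_dst;   /* source and dest address */
};


/* ************************************* */


typedef struct tuntap_dev {
    HANDLE          device_handle;
    char            *device_name;
    char            *ifName;
    int             if_idx;
    OVERLAPPED      overlap_read, overlap_write;
    n2n_mac_t       mac_addr;
    uint32_t        ip_addr;
    uint32_t        device_mask;
    unsigned int    mtu;
    unsigned int    metric;
    unsigned int    metric_original;
} tuntap_dev;


/* ************************************* */


#define index(a, b) strchr(a, b)
/* argument parenthesized so that sleep(a + b) scales the whole expression */
#define sleep(x) Sleep((x) * 1000)


/* ************************************* */


/* Minimal pthread look-alikes on top of Win32 handles */
#define HAVE_PTHREAD
#define pthread_t       HANDLE
#define pthread_mutex_t HANDLE

/* Evaluates to 0 on success and non-zero if CreateThread() fails.
 * The assignment is parenthesized: '==' binds tighter than '=', so without
 * the parentheses the comparison result was stored in place of the handle. */
#define pthread_create(p_thread_handle, attr, thread_func, p_param)                             \
    ((*(p_thread_handle) = CreateThread(0 /* default security flags */, 0 /*default stack*/,    \
                                        thread_func, p_param, 0 /* default creation flags */,   \
                                        NULL)) == 0)

#define pthread_cancel(p_thread_handle)    \
    TerminateThread(p_thread_handle, 0)

#define pthread_mutex_init(p_mutex_handle, attr)                                    \
    (*(p_mutex_handle) = CreateMutex(NULL /*default security flags */,             \
                                     FALSE /* initially not owned */, NULL /* unnamed */))

#define pthread_mutex_lock(mutex)          \
    WaitForSingleObject(*(mutex), INFINITE)

/* a timeout of 0 milliseconds makes the wait return immediately */
#define pthread_mutex_trylock(mutex)       \
    WaitForSingleObject(*(mutex), 0)

#define pthread_mutex_unlock(mutex)        \
    ReleaseMutex(*(mutex))


/* ************************************* */


#endif
118 | -------------------------------------------------------------------------------- /src/win32/wintap.h: -------------------------------------------------------------------------------- 1 | /* 2 | (C) 2007-22 - Luca Deri 3 | */ 4 | 5 | #ifndef _WINTAP_H_ 6 | #define _WINTAP_H_ 7 | 8 | #undef UNICODE 9 | #undef _UNICODE 10 | #ifndef _CRT_SECURE_NO_WARNINGS 11 | #define _CRT_SECURE_NO_WARNINGS 12 | #endif 13 | 14 | #include 15 | #include 16 | #include 17 | 18 | 19 | 20 | //=============================================== 21 | // This file is included both by OpenVPN and 22 | // the TAP-Win32 driver and contains definitions 23 | // common to both. 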
24 | //=============================================== 25 | 26 | //============= 27 | // TAP IOCTLs 28 | //============= 29 | 30 | #define TAP_CONTROL_CODE(request,method) \ 31 | CTL_CODE (FILE_DEVICE_UNKNOWN, request, method, FILE_ANY_ACCESS) 32 | 33 | #define TAP_IOCTL_GET_MAC TAP_CONTROL_CODE (1, METHOD_BUFFERED) 34 | #define TAP_IOCTL_GET_VERSION TAP_CONTROL_CODE (2, METHOD_BUFFERED) 35 | #define TAP_IOCTL_GET_MTU TAP_CONTROL_CODE (3, METHOD_BUFFERED) 36 | #define TAP_IOCTL_GET_INFO TAP_CONTROL_CODE (4, METHOD_BUFFERED) 37 | #define TAP_IOCTL_CONFIG_POINT_TO_POINT TAP_CONTROL_CODE (5, METHOD_BUFFERED) 38 | #define TAP_IOCTL_SET_MEDIA_STATUS TAP_CONTROL_CODE (6, METHOD_BUFFERED) 39 | #define TAP_IOCTL_CONFIG_DHCP_MASQ TAP_CONTROL_CODE (7, METHOD_BUFFERED) 40 | #define TAP_IOCTL_GET_LOG_LINE TAP_CONTROL_CODE (8, METHOD_BUFFERED) 41 | #define TAP_IOCTL_CONFIG_DHCP_SET_OPT TAP_CONTROL_CODE (9, METHOD_BUFFERED) 42 | 43 | //================= 44 | // Registry keys 45 | //================= 46 | 47 | #define ADAPTER_KEY "SYSTEM\\CurrentControlSet\\Control\\Class\\{4D36E972-E325-11CE-BFC1-08002BE10318}" 48 | #define NETWORK_CONNECTIONS_KEY "SYSTEM\\CurrentControlSet\\Control\\Network\\{4D36E972-E325-11CE-BFC1-08002BE10318}" 49 | #define ADAPTER_INFO_KEY "SYSTEM\\CurrentControlSet\\Control\\Class\\{4D36E972-E325-11CE-BFC1-08002BE10318}" 50 | 51 | //====================== 52 | // Filesystem prefixes 53 | //====================== 54 | 55 | #define USERMODEDEVICEDIR "\\\\.\\Global\\" 56 | #define SYSDEVICEDIR "\\Device\\" 57 | #define USERDEVICEDIR "\\DosDevices\\Global\\" 58 | #define TAPSUFFIX ".tap" 59 | 60 | //========================================================= 61 | // TAP_COMPONENT_ID -- This string defines the TAP driver 62 | // type -- different component IDs can reside in the system 63 | // simultaneously. 
64 | //========================================================= 65 | 66 | #define TAP_COMPONENT_ID "tap0801" 67 | 68 | extern void initWin32(); 69 | extern void destroyWin32(); 70 | extern void win_print_available_adapters(); 71 | 72 | #endif 73 | -------------------------------------------------------------------------------- /supernode.1: -------------------------------------------------------------------------------- 1 | .TH supernode 1 "Jul 16, 2021" "version 3" "USER COMMANDS" 2 | .SH NAME 3 | supernode \- n2n supernode daemon 4 | .SH SYNOPSIS 5 | .B supernode 6 | 7 | .br 8 | .B supernode 9 | [OPTION]... 10 | .SH DESCRIPTION 11 | N2N is a peer-to-peer VPN system. Supernode is a node introduction registry, 12 | broadcast conduit and packet relay node for the n2n system. On startup supernode 13 | begins listening on the specified UDP port for node registrations, and other 14 | packets to route. The supernode can service any number of communities and routes 15 | packets only between members of the same community. The supernode does not hold 16 | the community encryption key and so cannot snoop or inject packets into the 17 | community. 18 | .PP 19 | Supernode can service a number of n2n communities concurrently. Traffic does not 20 | cross between communities. 21 | .PP 22 | All logging goes to stdout. 23 | .PP 24 | The config file is similar to the command line, with one option per line. 25 | Lines starting with a "#" are ignored. 26 | An equal sign ('=') should be used between key and value. Example: -p=7777 27 | .SH OPTIONS FOR THE UNDERLYING NETWORK CONNECTION 28 | .TP 29 | \fB\-p \fR[<\fIlocal_ip_address\fR>:]<\fIlocal_port\fR>, \fB\-\-local-port\fR=... 30 | binds supernode to this fixed UDP port on 'any' local IP address, defaults to 7654. 31 | Optionally, the edge can bind to the provided local ip address only. 
32 | .TP 33 | \fB\-F \fR<\fIfed_name\fR> 34 | name of the supernode's federation, defaults to '*Federation' (see also N2N_FEDERATION in ENVIRONMENT) 35 | .TP 36 | \fB\-l \fR<\fIhost:port\fR> 37 | ip address or name, and port of known supernode 38 | .TP 39 | \fB\-m \fR<\fImac_address\fR> 40 | fixed MAC address for the supernode, e.g. 41 | '-m 10:20:30:40:50:60', random otherwise 42 | .TP 43 | \fB\-M\fR 44 | disable MAC and IP address spoofing protection for all 45 | non-username-password-authenticating communities 46 | .TP 47 | \fB\-V \fR<\fIversion_string\fR> 48 | modify the supernode version string which is distributed to the 49 | edges and shown at their management port output, up to 19 characters 50 | .TP 51 | .SH TAP DEVICE AND OVERLAY NETWORK CONFIGURATION 52 | .TP 53 | \fB\-c \fR<\fIpath\fR>, \fB\-\-communities\fR=<\fIpath\fR> 54 | file containing the allowed communities and any User / Password based authentication 55 | details (See ALLOWED COMMUNITIES FILE section) 56 | .TP 57 | \fB\-a \fR<\fInet-net/n\fR>, \fB\-\-autoip\fR= 58 | subnet range for auto ip address service, 59 | .br 60 | e.g. '-a 192.168.0.0-192.168.255.0/24', 61 | .br 62 | defaults to '10.128.255.0-10.255.255.0/24' 63 | .SH LOCAL OPTIONS 64 | .TP 65 | \fB\-f\fR, \fB\-\-foreground\fR 66 | disable daemon mode (UNIX) and run in foreground. 67 | .TP 68 | \fB\-t \fR<\fIport\fR>, \fB\-\-mgmt-port\fR=<\fIport\fR> 69 | management UDP port, for multiple supernodes on a machine, defaults to 5645 70 | .TP 71 | \fB\-\-management-password \fR<\fIpassword\fR> 72 | sets the password for access to the JSON API at the management port, defaults to 'n2n'. The password 73 | has to be provided for relevant access to the JSON API at the management port. Because the default value is documented here, it offers no protection until a site-specific password is set. 
74 | .TP 75 | \fB\-v\fR, \fB\-\-verbose\fR 76 | use verbose logging 77 | .TP 78 | \fB\-u \fR<\fIUID\fR> 79 | numeric user ID to use when privileges are dropped 80 | .TP 81 | \fB\-g \fR<\fIGID\fR> 82 | numeric group ID to use when privileges are dropped 83 | .TP 84 | \fB-h\fR 85 | shows a quick reference including all available options 86 | .TP 87 | \fB\-\-help\fR 88 | shows detailed parameter description 89 | 90 | .SH ALLOWED COMMUNITIES FILE 91 | This file is a plain text file. 92 | Comments are introduced with a hash at the beginning of the line. 93 | A line that begins with an asterisk is a user authentication definition and adds an allowed user to the most recently defined community. 94 | Allowed communities can be specified with a regular expression. 95 | .PP 96 | Example community file: 97 | .PP 98 | .nf 99 | .RS 100 | # List of allowed communities 101 | mynetwork 102 | netleo 103 | * logan nHWum+r42k1qDXdIeH-WFKeylK5UyLStRzxofRNAgpG 104 | * sister HwHpPrdMft+38tFDDiunUds6927t0+zhCMMkQdJafcC 105 | .RE 106 | .fi 107 | .PP 108 | More details on creating the allowed communities file are found in the Communities.md and Authentication.md documentation included with this package. 109 | .SH ENVIRONMENT 110 | .TP 111 | .B N2N_FEDERATION 112 | set the federation name so it is not visible at the command line 113 | .SH EXAMPLES 114 | .TP 115 | .B supernode -p 7654 -v 116 | Start supernode listening on UDP port 7654 with verbose output. 117 | .TP 118 | .B echo | nc -w1 -u 127.0.0.1 5645 119 | Shows the management status of a running supernode. 120 | .PP 121 | .SH RESTART 122 | When supernode restarts it loses all registration information from associated 123 | edge nodes. It can take up to five minutes for the edge nodes to re-register and 124 | normal traffic flow to resume. 
125 | .SH EXIT STATUS 126 | supernode is a daemon and any exit is an error 127 | .SH AUTHOR 128 | Luca Deri ( deri (at) ntop.org ), Richard Andrews ( andrews (at) ntop.org ), Don Bindner 129 | .SH SEE ALSO 130 | ifconfig(8) edge(8) 131 | .br 132 | the documentation contained in the source code 133 | .br 134 | the extensive documentation found in n2n's \fBdoc/\fR folder 135 | -------------------------------------------------------------------------------- /tests/test_integration_edge.sh.expected: -------------------------------------------------------------------------------- 1 | ### 2 | 3 | ### 4 | [ 5 | { 6 | "community": "test" 7 | } 8 | ] 9 | 10 | ### 11 | [ 12 | { 13 | "rx_pkt": 0, 14 | "tx_pkt": 2, 15 | "type": "transop" 16 | }, 17 | { 18 | "rx_pkt": 0, 19 | "tx_pkt": 0, 20 | "type": "p2p" 21 | }, 22 | { 23 | "rx_pkt": 0, 24 | "tx_pkt": 2, 25 | "type": "super" 26 | }, 27 | { 28 | "rx_pkt": 0, 29 | "tx_pkt": 2, 30 | "type": "super_broadcast" 31 | } 32 | ] 33 | 34 | ### 35 | [] 36 | 37 | ### 38 | [ 39 | { 40 | "traceLevel": 2 41 | } 42 | ] 43 | 44 | ### 45 | 46 | 0 47 | ### 48 | [ 49 | { 50 | "traceLevel": 1 51 | } 52 | ] 53 | 54 | ### 55 | [ 56 | { 57 | "keep_running": 1 58 | } 59 | ] 60 | 61 | ### 62 | [ 63 | { 64 | "keep_running": 0 65 | } 66 | ] 67 | 68 | ### 69 | [ 70 | { 71 | "keep_running": 0 72 | } 73 | ] 74 | 75 | -------------------------------------------------------------------------------- /tests/test_integration_supernode.sh.expected: -------------------------------------------------------------------------------- 1 | ### 2 | 3 | ### 4 | [ 5 | { 6 | "community": "-/-", 7 | "ip4addr": "", 8 | "is_federation": 1, 9 | "purgeable": 0 10 | } 11 | ] 12 | 13 | ### 14 | [ 15 | { 16 | "tx_pkt": 0, 17 | "type": "forward" 18 | }, 19 | { 20 | "tx_pkt": 0, 21 | "type": "broadcast" 22 | }, 23 | { 24 | "nak": 0, 25 | "rx_pkt": 0, 26 | "type": "reg_super" 27 | }, 28 | { 29 | "tx_pkt": 0, 30 | "type": "errors" 31 | } 32 | ] 33 | 34 | ### 35 | [] 36 | 37 | ### 38 | 
[ 39 | { 40 | "traceLevel": 3 41 | } 42 | ] 43 | 44 | ### 45 | [ 46 | { 47 | "traceLevel": 1 48 | } 49 | ] 50 | 51 | ### 52 | [ 53 | { 54 | "keep_running": 1 55 | } 56 | ] 57 | 58 | ### 59 | [ 60 | { 61 | "keep_running": 0 62 | } 63 | ] 64 | 65 | -------------------------------------------------------------------------------- /tests/tests-auth.expected: -------------------------------------------------------------------------------- 1 | bin_to_ascii: input size = 0x10 2 | 000: 00 01 02 03 04 05 06 07 08 09 0a 0b 0c 0d 0e 0f | | 3 | bin_to_ascii: output: 00420mG51WS82GeB30qE3m 4 | 5 | ascii_to_bin: input = 00420mG51WS82GeB30qE3m 6 | ascii_to_bin: output: 7 | 000: 00 01 02 03 04 05 06 07 08 09 0a 0b 0c 0d 0e 0f | | 8 | 010: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | | 9 | 10 | generate_private_key: input = 00420mG51WS82GeB30qE3m 11 | generate_private_key: output: 12 | 000: a4 f4 b5 1c 8a 0a 09 f9 7e 98 22 ca 8a cc b3 f9 | ~ " | 13 | 010: 4d 5a 0d 02 0b 9d 08 ea 03 9b 46 41 8e 3c 0d 49 |MZ FA < I| 14 | 15 | generate_public_key: input: 16 | 000: a4 f4 b5 1c 8a 0a 09 f9 7e 98 22 ca 8a cc b3 f9 | ~ " | 17 | 010: 4d 5a 0d 02 0b 9d 08 ea 03 9b 46 41 8e 3c 0d 49 |MZ FA < I| 18 | generate_public_key: output: 19 | 000: ca 58 61 6f f9 25 d0 cd 1d a5 62 48 a0 15 5e ad | Xao % bH ^ | 20 | 010: a9 f3 5c 10 5f 20 b6 42 b0 a9 7c 1e 0e d7 e9 4b | \ _ B | K| 21 | 22 | generate_shared_secret: input: prv 23 | 000: a4 f4 b5 1c 8a 0a 09 f9 7e 98 22 ca 8a cc b3 f9 | ~ " | 24 | 010: 4d 5a 0d 02 0b 9d 08 ea 03 9b 46 41 8e 3c 0d 49 |MZ FA < I| 25 | generate_shared_secret: input: pub 26 | 000: ca 58 61 6f f9 25 d0 cd 1d a5 62 48 a0 15 5e ad | Xao % bH ^ | 27 | 010: a9 f3 5c 10 5f 20 b6 42 b0 a9 7c 1e 0e d7 e9 4b | \ _ B | K| 28 | generate_shared_secret: output: 29 | 000: 5d 94 7b 0b db 54 e8 70 8a 09 b0 db 6f 0b 0d 31 |] { T p o 1| 30 | 010: 1b b8 5f ba 57 74 34 bd 3b c5 c4 6c d5 ae a4 84 | _ Wt4 ; l | 31 | 32 | 
-------------------------------------------------------------------------------- /tests/tests-compress.expected: -------------------------------------------------------------------------------- 1 | original: input size = 0x200 2 | 000: 00 01 02 03 04 05 06 07 08 09 0a 0b 0c 0d 0e 0f | | 3 | 010: 00 01 02 03 04 05 06 07 08 09 0a 0b 0c 0d 0e 0f | | 4 | 020: 00 01 02 03 04 05 06 07 08 09 0a 0b 0c 0d 0e 0f | | 5 | 030: 00 01 02 03 04 05 06 07 08 09 0a 0b 0c 0d 0e 0f | | 6 | 040: 00 01 02 03 04 05 06 07 08 09 0a 0b 0c 0d 0e 0f | | 7 | 050: 00 01 02 03 04 05 06 07 08 09 0a 0b 0c 0d 0e 0f | | 8 | 060: 00 01 02 03 04 05 06 07 08 09 0a 0b 0c 0d 0e 0f | | 9 | 070: 00 01 02 03 04 05 06 07 08 09 0a 0b 0c 0d 0e 0f | | 10 | 080: 00 01 02 03 04 05 06 07 08 09 0a 0b 0c 0d 0e 0f | | 11 | 090: 00 01 02 03 04 05 06 07 08 09 0a 0b 0c 0d 0e 0f | | 12 | 0a0: 00 01 02 03 04 05 06 07 08 09 0a 0b 0c 0d 0e 0f | | 13 | 0b0: 00 01 02 03 04 05 06 07 08 09 0a 0b 0c 0d 0e 0f | | 14 | 0c0: 00 01 02 03 04 05 06 07 08 09 0a 0b 0c 0d 0e 0f | | 15 | 0d0: 00 01 02 03 04 05 06 07 08 09 0a 0b 0c 0d 0e 0f | | 16 | 0e0: 00 01 02 03 04 05 06 07 08 09 0a 0b 0c 0d 0e 0f | | 17 | 0f0: 00 01 02 03 04 05 06 07 08 09 0a 0b 0c 0d 0e 0f | | 18 | 100: 00 01 02 03 04 05 06 07 08 09 0a 0b 0c 0d 0e 0f | | 19 | 110: 00 01 02 03 04 05 06 07 08 09 0a 0b 0c 0d 0e 0f | | 20 | 120: 00 01 02 03 04 05 06 07 08 09 0a 0b 0c 0d 0e 0f | | 21 | 130: 00 01 02 03 04 05 06 07 08 09 0a 0b 0c 0d 0e 0f | | 22 | 140: 00 01 02 03 04 05 06 07 08 09 0a 0b 0c 0d 0e 0f | | 23 | 150: 00 01 02 03 04 05 06 07 08 09 0a 0b 0c 0d 0e 0f | | 24 | 160: 00 01 02 03 04 05 06 07 08 09 0a 0b 0c 0d 0e 0f | | 25 | 170: 00 01 02 03 04 05 06 07 08 09 0a 0b 0c 0d 0e 0f | | 26 | 180: 00 01 02 03 04 05 06 07 08 09 0a 0b 0c 0d 0e 0f | | 27 | 190: 00 01 02 03 04 05 06 07 08 09 0a 0b 0c 0d 0e 0f | | 28 | 1a0: 00 01 02 03 04 05 06 07 08 09 0a 0b 0c 0d 0e 0f | | 29 | 1b0: 00 01 02 03 04 05 06 07 08 09 0a 0b 0c 0d 0e 0f | | 30 | 1c0: 00 01 02 03 04 05 06 07 08 09 0a 
0b 0c 0d 0e 0f | | 31 | 1d0: 00 01 02 03 04 05 06 07 08 09 0a 0b 0c 0d 0e 0f | | 32 | 1e0: 00 01 02 03 04 05 06 07 08 09 0a 0b 0c 0d 0e 0f | | 33 | 1f0: 00 01 02 03 04 05 06 07 08 09 0a 0b 0c 0d 0e 0f | | 34 | 35 | lzo1x: output size = 0x2f 36 | 000: 0d 00 01 02 03 04 05 06 07 08 09 0a 0b 0c 0d 0e | | 37 | 010: 0f 20 00 bc 3c 00 00 02 0c 0d 0e 0f 00 01 02 03 | < | 38 | 020: 04 05 06 07 08 09 0a 0b 0c 0d 0e 0f 11 00 00 | | 39 | 40 | zstd: output size = 0x21 41 | 000: 28 b5 2f fd 60 00 01 bd 00 00 80 00 01 02 03 04 |( / ` | 42 | 010: 05 06 07 08 09 0a 0b 0c 0d 0e 0f 01 00 da 47 9d | G | 43 | 020: 4b |K| 44 | 45 | -------------------------------------------------------------------------------- /tests/tests-elliptic.expected: -------------------------------------------------------------------------------- 1 | environment: input 2 | 000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | | 3 | 010: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 09 | | 4 | environment: key 5 | 000: 55 55 55 55 55 55 55 55 55 55 55 55 55 55 55 55 |UUUUUUUUUUUUUUUU| 6 | 010: 55 55 55 55 55 55 55 55 55 55 55 55 55 55 55 55 |UUUUUUUUUUUUUUUU| 7 | 8 | curve25519: output 9 | 000: 7f 42 1b f9 34 5a 59 84 4a 30 bc 53 64 74 fa 7c | B 4ZY J0 Sdt || 10 | 010: 15 81 77 a4 4d 34 6d 2f 8b c1 8c 05 d6 a9 44 54 | w M4m/ DT| 11 | 12 | -------------------------------------------------------------------------------- /tests/tests-hashing.expected: -------------------------------------------------------------------------------- 1 | environment: input size = 0x200 2 | 000: 00 01 02 03 04 05 06 07 08 09 0a 0b 0c 0d 0e 0f | | 3 | 010: 00 01 02 03 04 05 06 07 08 09 0a 0b 0c 0d 0e 0f | | 4 | 020: 00 01 02 03 04 05 06 07 08 09 0a 0b 0c 0d 0e 0f | | 5 | 030: 00 01 02 03 04 05 06 07 08 09 0a 0b 0c 0d 0e 0f | | 6 | 040: 00 01 02 03 04 05 06 07 08 09 0a 0b 0c 0d 0e 0f | | 7 | 050: 00 01 02 03 04 05 06 07 08 09 0a 0b 0c 0d 0e 0f | | 8 | 060: 00 01 02 03 04 05 06 07 08 09 0a 0b 0c 0d 0e 0f | | 9 | 070: 00 01 02 03 04 05 06 
07 08 09 0a 0b 0c 0d 0e 0f | | 10 | 080: 00 01 02 03 04 05 06 07 08 09 0a 0b 0c 0d 0e 0f | | 11 | 090: 00 01 02 03 04 05 06 07 08 09 0a 0b 0c 0d 0e 0f | | 12 | 0a0: 00 01 02 03 04 05 06 07 08 09 0a 0b 0c 0d 0e 0f | | 13 | 0b0: 00 01 02 03 04 05 06 07 08 09 0a 0b 0c 0d 0e 0f | | 14 | 0c0: 00 01 02 03 04 05 06 07 08 09 0a 0b 0c 0d 0e 0f | | 15 | 0d0: 00 01 02 03 04 05 06 07 08 09 0a 0b 0c 0d 0e 0f | | 16 | 0e0: 00 01 02 03 04 05 06 07 08 09 0a 0b 0c 0d 0e 0f | | 17 | 0f0: 00 01 02 03 04 05 06 07 08 09 0a 0b 0c 0d 0e 0f | | 18 | 100: 00 01 02 03 04 05 06 07 08 09 0a 0b 0c 0d 0e 0f | | 19 | 110: 00 01 02 03 04 05 06 07 08 09 0a 0b 0c 0d 0e 0f | | 20 | 120: 00 01 02 03 04 05 06 07 08 09 0a 0b 0c 0d 0e 0f | | 21 | 130: 00 01 02 03 04 05 06 07 08 09 0a 0b 0c 0d 0e 0f | | 22 | 140: 00 01 02 03 04 05 06 07 08 09 0a 0b 0c 0d 0e 0f | | 23 | 150: 00 01 02 03 04 05 06 07 08 09 0a 0b 0c 0d 0e 0f | | 24 | 160: 00 01 02 03 04 05 06 07 08 09 0a 0b 0c 0d 0e 0f | | 25 | 170: 00 01 02 03 04 05 06 07 08 09 0a 0b 0c 0d 0e 0f | | 26 | 180: 00 01 02 03 04 05 06 07 08 09 0a 0b 0c 0d 0e 0f | | 27 | 190: 00 01 02 03 04 05 06 07 08 09 0a 0b 0c 0d 0e 0f | | 28 | 1a0: 00 01 02 03 04 05 06 07 08 09 0a 0b 0c 0d 0e 0f | | 29 | 1b0: 00 01 02 03 04 05 06 07 08 09 0a 0b 0c 0d 0e 0f | | 30 | 1c0: 00 01 02 03 04 05 06 07 08 09 0a 0b 0c 0d 0e 0f | | 31 | 1d0: 00 01 02 03 04 05 06 07 08 09 0a 0b 0c 0d 0e 0f | | 32 | 1e0: 00 01 02 03 04 05 06 07 08 09 0a 0b 0c 0d 0e 0f | | 33 | 1f0: 00 01 02 03 04 05 06 07 08 09 0a 0b 0c 0d 0e 0f | | 34 | 35 | pearson_hash_256: output: 36 | 000: 40 09 5c ca 28 6b fb 93 4c 4a f7 c0 79 a8 04 5a |@ \ (k LJ y Z| 37 | 010: b5 3d cf b3 a7 ed 18 56 b2 d9 8f a8 2e a1 08 be | = V . | 38 | 39 | pearson_hash_128: output: 40 | 000: b5 3d cf b3 a7 ed 18 56 b2 d9 8f a8 2e a1 08 be | = V . 
| 41 | 42 | pearson_hash_64: output = 0xb2d98fa82ea108be 43 | 44 | pearson_hash_32: output = 0x2ea108be 45 | 46 | pearson_hash_16: output = 0x8be 47 | 48 | -------------------------------------------------------------------------------- /tests/tests-wire.expected: -------------------------------------------------------------------------------- 1 | environment: common.ttl = 2 2 | environment: common.flags = 0 3 | environment: common.community = "abc123def456z" 4 | 5 | REGISTER: common.pc = 1 6 | REGISTER: reg.cookie = 0 7 | REGISTER: reg.srcMac[] = 0:1:2:3:4:5 8 | REGISTER: reg.dstMac[] = 10:11:12:13:14:15 9 | REGISTER: reg.dev_addr.net_addr = 0x20212223 10 | REGISTER: reg.dev_addr.net_bitlen = 25 11 | REGISTER: reg.dev_desc = "Dummy_Dev_Desc" 12 | 13 | REGISTER: output retval = 0x24 14 | REGISTER: output idx = 0x3d 15 | 000: 03 02 00 01 61 62 63 31 32 33 64 65 66 34 35 36 | abc123def456| 16 | 010: 7a 00 00 00 00 00 00 00 00 00 00 00 00 01 02 03 |z | 17 | 020: 04 05 10 11 12 13 14 15 20 21 22 23 19 44 75 6d | !"# Dum| 18 | 030: 6d 79 5f 44 65 76 5f 44 65 73 63 00 00 |my_Dev_Desc | 19 | 20 | REGISTER_SUPER: common.pc = 5 21 | REGISTER_SUPER: reg.cookie = 0 22 | REGISTER_SUPER: reg.edgeMac[] = 20:21:22:23:24:25 23 | REGISTER_SUPER: reg.dev_addr.net_addr = 0x20212223 24 | REGISTER_SUPER: reg.dev_addr.net_bitlen = 25 25 | REGISTER_SUPER: reg.dev_desc = "Dummy_Dev_Desc" 26 | REGISTER_SUPER: reg.auth.scheme = 1 27 | REGISTER_SUPER: reg.auth.token_size = 16 28 | REGISTER_SUPER: reg.auth.token[0] = 0xfe 29 | REGISTER_SUPER: reg.key_time = 600 30 | 31 | REGISTER_SUPER: output retval = 0x36 32 | REGISTER_SUPER: output idx = 0x4f 33 | 000: 03 02 00 05 61 62 63 31 32 33 64 65 66 34 35 36 | abc123def456| 34 | 010: 7a 00 00 00 00 00 00 00 00 00 00 00 20 21 22 23 |z !"#| 35 | 020: 24 25 20 21 22 23 19 44 75 6d 6d 79 5f 44 65 76 |$% !"# Dummy_Dev| 36 | 030: 5f 44 65 73 63 00 00 00 01 00 10 fe 00 00 00 fd |_Desc | 37 | 040: 00 00 00 fc 00 00 00 00 00 00 fb 00 00 02 58 | X| 38 | 39 | 
UNREGISTER_SUPER: common.pc = 6 40 | UNREGISTER_SUPER: unreg.auth.scheme = 1 41 | UNREGISTER_SUPER: unreg.auth.token_size = 16 42 | UNREGISTER_SUPER: unreg.auth.token[0] = 0xfe 43 | UNREGISTER_SUPER: unreg.srcMac[] = 30:31:32:33:34:35 44 | 45 | UNREGISTER_SUPER: output retval = 0x19 46 | UNREGISTER_SUPER: output idx = 0x32 47 | 000: 03 02 00 06 61 62 63 31 32 33 64 65 66 34 35 36 | abc123def456| 48 | 010: 7a 00 00 00 00 00 00 00 00 01 00 10 fe 00 00 00 |z | 49 | 020: fd 00 00 00 fc 00 00 00 00 00 00 fb 30 31 32 33 | 0123| 50 | 030: 34 35 |45| 51 | 52 | -------------------------------------------------------------------------------- /tests/tests_integration.list: -------------------------------------------------------------------------------- 1 | # 2 | # The integration tests 3 | 4 | test_integration_supernode.sh 5 | test_integration_edge.sh 6 | -------------------------------------------------------------------------------- /tests/tests_units.list: -------------------------------------------------------------------------------- 1 | # 2 | # The unit tests 3 | 4 | tests-auth 5 | tests-compress 6 | tests-elliptic 7 | tests-hashing 8 | tests-transform 9 | tests-wire 10 | -------------------------------------------------------------------------------- /tools/Makefile: -------------------------------------------------------------------------------- 1 | # 2 | # This is not a standalone makefile, it must be called from the toplevel 3 | # makefile to inherit the correct environment 4 | 5 | DEBUG?=-g3 6 | 7 | HEADERS=$(wildcard include/*.h) 8 | CFLAGS+=-I../include 9 | 10 | CFLAGS+=$(DEBUG) 11 | LDFLAGS+=-L.. 
12 | 13 | N2N_LIB=../libn2n.a 14 | 15 | TOOLS+=n2n-benchmark$(EXE) 16 | TOOLS+=n2n-keygen$(EXE) 17 | TOOLS+=n2n-route$(EXE) 18 | TOOLS+=n2n-portfwd$(EXE) 19 | TOOLS+=n2n-decode$(EXE) 20 | 21 | TESTS=tests-compress$(EXE) 22 | TESTS+=tests-elliptic$(EXE) 23 | TESTS+=tests-hashing$(EXE) 24 | TESTS+=tests-transform$(EXE) 25 | TESTS+=tests-wire$(EXE) 26 | TESTS+=tests-auth$(EXE) 27 | 28 | .PHONY: all clean install 29 | all: $(TOOLS) $(TESTS) 30 | 31 | n2n-benchmark.o: $(N2N_LIB) $(HEADERS) ../config.mak 32 | n2n-keygen.o: $(N2N_LIB) $(HEADERS) ../config.mak 33 | n2n-route.o: $(N2N_LIB) $(HEADERS) ../config.mak 34 | n2n-portfwd.o: $(N2N_LIB) $(HEADERS) ../config.mak 35 | n2n-decode.o: $(N2N_LIB) $(HEADERS) ../config.mak 36 | 37 | ifneq (,$(findstring mingw,$(CONFIG_HOST_OS))) 38 | # HACK for windows. 39 | n2n-benchmark.exe: n2n-benchmark 40 | n2n-keygen.exe: n2n-keygen 41 | n2n-route.exe: n2n-route 42 | n2n-portfwd.exe: n2n-portfwd 43 | n2n-decode.exe: n2n-decode 44 | tests-compress.exe: tests-compress 45 | tests-elliptic.exe: tests-elliptic 46 | tests-hashing.exe: tests-hashing 47 | tests-transform.exe: tests-transform 48 | tests-wire.exe: tests-wire 49 | tests-auth.exe: tests-auth 50 | endif 51 | 52 | # See comments in the topdir Makefile about how to generate coverage 53 | # data. 
54 | gcov: 55 | gcov $(TOOLS) $(TESTS) 56 | 57 | clean: 58 | rm -rf $(TOOLS) *.o *.dSYM *~ 59 | rm -f $(TESTS) *.gcno *.gcda 60 | 61 | install: $(TOOLS) 62 | $(INSTALL_PROG) $(TOOLS) $(SBINDIR)/ 63 | -------------------------------------------------------------------------------- /tools/n2n-keygen.c: -------------------------------------------------------------------------------- 1 | /* 2 | * (C) 2007-22 - ntop.org and contributors 3 | * 4 | * This program is free software; you can redistribute it and/or modify 5 | * it under the terms of the GNU General Public License as published by 6 | * the Free Software Foundation; either version 3 of the License, or 7 | * (at your option) any later version. 8 | * 9 | * This program is distributed in the hope that it will be useful, 10 | * but WITHOUT ANY WARRANTY; without even the implied warranty of 11 | * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the 12 | * GNU General Public License for more details. 13 | * 14 | * You should have received a copy of the GNU General Public License 15 | * along with this program; if not, see 16 | * 17 | */ 18 | 19 | 20 | #include // for uint8_t 21 | #include // for fprintf, stdout, stderr 22 | #include // for memset, strcmp 23 | #include "auth.h" // for bin_to_ascii, bind_private_key_to_username, gene... 
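#include "n2n.h"     // for n2n_private_public_key_t, N2N_USER_KEY_LINE_STARTER


/*
 * n2n-keygen: derive a public key from a username/password pair, or from a
 * federation name when called with -F, and print it to stdout.
 *
 *   argv[1]  username, or the literal "-F" for federation mode
 *   argv[2]  password, or the federation name in federation mode
 *
 * Returns 1 (after printing the usage text to stderr) unless exactly two
 * arguments are given, 0 otherwise.
 *
 * NOTE(review): the secret is taken from argv[2], so it is visible to other
 * local users in the process list while the tool runs and is likely to end
 * up in the shell history. Reading it from stdin or from an environment
 * variable would avoid that, but changes the command line interface.
 */
int main(int argc, char * argv[]) {

    n2n_private_public_key_t prv;  /* 32 bytes private key */
    n2n_private_public_key_t bin;  /* 32 bytes public key binary output buffer */
    char asc[44];                  /* 43 bytes + 0-terminator ascii string output */
    uint8_t fed = 0;
    volatile uint8_t *wipe;        /* volatile view on prv for the final wipe */
    size_t i;

    // exactly two parameters required
    if(argc != 3) {
        // error message to stderr to not interfere with batch usage
        fprintf(stderr, "\n"
                        "n2n-keygen tool\n\n"
                        "  usage:  n2n-keygen <username> <password>\n\n"
                        "     or   n2n-keygen -F <federation name>\n\n"
                        "          outputs a line to insert at supernode's community file for user-and-\n"
                        "          password authentication or a command line parameter with the public\n"
                        "          federation key for use at edge's command line, please refer to the\n"
                        "          doc/Authentication.md document or the man pages for more details\n\n");
        return 1;
    }

    // federation mode?
    if(strcmp(argv[1], "-F") == 0)
        fed = 1;

    // derive private key from username and password:
    // hash username once, hash password twice (so password is bound
    // to username but username and password are not interchangeable),
    // finally xor the result
    // in federation mode: only hash federation name, twice
    generate_private_key(prv, argv[2]);

    // hash user name only if required
    if(!fed) {
        bind_private_key_to_username(prv, argv[1]);
    }

    // calculate the public key into binary output buffer
    generate_public_key(bin, prv);

    // clear out the private key; prv is never read again, so a plain
    // memset() here is a dead store the optimizer is allowed to drop --
    // writing through a volatile pointer keeps the wipe in the binary
    wipe = (volatile uint8_t *)prv;
    for(i = 0; i < sizeof(prv); i++)
        wipe[i] = 0;

    // convert binary output to 6-bit-ascii string output
    bin_to_ascii(asc, bin, sizeof(bin));

    // output
    if(fed)
        fprintf(stdout, "-P %s\n", asc);
    else
        fprintf(stdout, "%c %s %s\n", N2N_USER_KEY_LINE_STARTER, argv[1], asc);

    return 0;
}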
-------------------------------------------------------------------------------- /tools/tests-auth.c: -------------------------------------------------------------------------------- 1 | /* 2 | * (C) 2007-22 - ntop.org and contributors 3 | * 4 | * This program is free software; you can redistribute it and/or modify 5 | * it under the terms of the GNU General Public License as published by 6 | * the Free Software Foundation; either version 3 of the License, or 7 | * (at your option) any later version. 8 | * 9 | * This program is distributed in the hope that it will be useful, 10 | * but WITHOUT ANY WARRANTY; without even the implied warranty of 11 | * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the 12 | * GNU General Public License for more details. 13 | * 14 | * You should have received a copy of the GNU General Public License 15 | * along with this program; if not, see 16 | * 17 | */ 18 | 19 | 20 | #include // for uint8_t 21 | #include // for printf, fprintf, stdout, stderr 22 | #include // for memset 23 | #include "auth.h" // for ascii_to_bin, bin_to_ascii, generate_private_key 24 | #include "hexdump.h" // for fhexdump 25 | #include "n2n.h" // for n2n_private_public_key_t 26 | 27 | 28 | uint8_t PKT_CONTENT1[]={ 29 | 0,1,2,3,4,5,6,7,8,9,10,11,12,13,14,15, 30 | }; 31 | 32 | char *PKT_CONTENT2 = "00420mG51WS82GeB30qE3m"; 33 | 34 | void test_bin_to_ascii (void *buf, unsigned int bufsize) { 35 | char *test_name = "bin_to_ascii"; 36 | char out[32]; 37 | 38 | printf("%s: input size = 0x%x\n", test_name, bufsize); 39 | fhexdump(0, buf, bufsize, stdout); 40 | 41 | bin_to_ascii(out, buf, bufsize); 42 | 43 | printf("%s: output: %s\n", test_name, out); 44 | 45 | fprintf(stderr, "%s: tested\n", test_name); 46 | printf("\n"); 47 | } 48 | 49 | void test_ascii_to_bin (char *buf) { 50 | char *test_name = "ascii_to_bin"; 51 | uint8_t out[32]; 52 | memset(out, 0, sizeof(out)); 53 | 54 | printf("%s: input = %s\n", test_name, buf); 55 | 56 | ascii_to_bin(out, buf); 57 | 
// TODO: 58 | // - it would be nice if the function returned the bufsize, 59 | // - or took an allocation size as input 60 | 61 | printf("%s: output:\n", test_name); 62 | fhexdump(0, out, sizeof(out), stdout); 63 | 64 | fprintf(stderr, "%s: tested\n", test_name); 65 | printf("\n"); 66 | } 67 | 68 | void test_generate_private_key (char *in, n2n_private_public_key_t prv) { 69 | char *test_name = "generate_private_key"; 70 | 71 | printf("%s: input = %s\n", test_name, in); 72 | 73 | generate_private_key(prv, in); 74 | 75 | printf("%s: output:\n", test_name); 76 | fhexdump(0, prv, sizeof(n2n_private_public_key_t), stdout); 77 | 78 | fprintf(stderr, "%s: tested\n", test_name); 79 | printf("\n"); 80 | } 81 | 82 | void test_generate_public_key (n2n_private_public_key_t prv, n2n_private_public_key_t pub) { 83 | char *test_name = "generate_public_key"; 84 | 85 | printf("%s: input:\n", test_name); 86 | fhexdump(0, prv, sizeof(n2n_private_public_key_t), stdout); 87 | 88 | generate_public_key(pub, prv); 89 | 90 | printf("%s: output:\n", test_name); 91 | fhexdump(0, pub, sizeof(n2n_private_public_key_t), stdout); 92 | 93 | fprintf(stderr, "%s: tested\n", test_name); 94 | printf("\n"); 95 | } 96 | 97 | void test_generate_shared_secret (n2n_private_public_key_t prv, n2n_private_public_key_t pub) { 98 | char *test_name = "generate_shared_secret"; 99 | n2n_private_public_key_t out; 100 | 101 | printf("%s: input: prv\n", test_name); 102 | fhexdump(0, prv, sizeof(n2n_private_public_key_t), stdout); 103 | printf("%s: input: pub\n", test_name); 104 | fhexdump(0, pub, sizeof(n2n_private_public_key_t), stdout); 105 | 106 | generate_shared_secret(out, prv, pub); 107 | 108 | printf("%s: output:\n", test_name); 109 | fhexdump(0, out, sizeof(out), stdout); 110 | 111 | fprintf(stderr, "%s: tested\n", test_name); 112 | printf("\n"); 113 | } 114 | 115 | int main (int argc, char * argv[]) { 116 | 117 | test_bin_to_ascii(PKT_CONTENT1, sizeof(PKT_CONTENT1)); 118 | test_ascii_to_bin(PKT_CONTENT2); 
119 | 120 | n2n_private_public_key_t prv; 121 | memset(prv, 0, sizeof(prv)); 122 | n2n_private_public_key_t pub; 123 | memset(pub, 0, sizeof(pub)); 124 | 125 | test_generate_private_key(PKT_CONTENT2, prv); 126 | test_generate_public_key(prv, pub); 127 | test_generate_shared_secret(prv, pub); 128 | 129 | return 0; 130 | } 131 | 132 | -------------------------------------------------------------------------------- /tools/tests-elliptic.c: -------------------------------------------------------------------------------- 1 | /* 2 | * (C) 2007-22 - ntop.org and contributors 3 | * 4 | * This program is free software; you can redistribute it and/or modify 5 | * it under the terms of the GNU General Public License as published by 6 | * the Free Software Foundation; either version 3 of the License, or 7 | * (at your option) any later version. 8 | * 9 | * This program is distributed in the hope that it will be useful, 10 | * but WITHOUT ANY WARRANTY; without even the implied warranty of 11 | * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the 12 | * GNU General Public License for more details. 
13 | * 14 | * You should have received a copy of the GNU General Public License 15 | * along with this program; if not, see 16 | * 17 | */ 18 | 19 | 20 | #include // for printf, fprintf, stdout, stderr 21 | #include // for memset 22 | #include "curve25519.h" // for curve25519 23 | #include "hexdump.h" // for fhexdump 24 | 25 | 26 | void test_curve25519 (unsigned char *pkt_input, unsigned char *key) { 27 | char *test_name = "curve25519"; 28 | unsigned char pkt_output[32]; 29 | 30 | curve25519(pkt_output, key, pkt_input); 31 | 32 | printf("%s: output\n", test_name); 33 | fhexdump(0, pkt_output, sizeof(pkt_output), stdout); 34 | 35 | fprintf(stderr, "%s: tested\n", test_name); 36 | printf("\n"); 37 | } 38 | 39 | int main (int argc, char * argv[]) { 40 | char *test_name = "environment"; 41 | 42 | unsigned char key[32]; 43 | unsigned char pkt_input[32]; 44 | 45 | memset(pkt_input, 0, 31); 46 | pkt_input[31] = 9; 47 | 48 | memset(key, 0x55, 32); 49 | 50 | printf("%s: input\n", test_name); 51 | fhexdump(0, pkt_input, sizeof(pkt_input), stdout); 52 | printf("%s: key\n", test_name); 53 | fhexdump(0, key, sizeof(key), stdout); 54 | printf("\n"); 55 | 56 | test_curve25519(pkt_input, key); 57 | 58 | return 0; 59 | } 60 | 61 | -------------------------------------------------------------------------------- /tools/tests-hashing.c: -------------------------------------------------------------------------------- 1 | /* 2 | * (C) 2007-22 - ntop.org and contributors 3 | * 4 | * This program is free software; you can redistribute it and/or modify 5 | * it under the terms of the GNU General Public License as published by 6 | * the Free Software Foundation; either version 3 of the License, or 7 | * (at your option) any later version. 8 | * 9 | * This program is distributed in the hope that it will be useful, 10 | * but WITHOUT ANY WARRANTY; without even the implied warranty of 11 | * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the 12 | * GNU General Public License for more details. 13 | * 14 | * You should have received a copy of the GNU General Public License 15 | * along with this program; if not, see 16 | * 17 | */ 18 | 19 | 20 | #include // for PRIx64, PRIx16, PRIx32 21 | #include // for uint8_t, uint16_t, uint32_t, uint64_t 22 | #include // for printf, fprintf, stderr, stdout 23 | #include "n2n.h" 24 | #include "hexdump.h" // for fhexdump 25 | #include "pearson.h" // for pearson_hash_128, pearson_hash_16, pearson_has... 26 | 27 | 28 | uint8_t PKT_CONTENT[]={ 29 | 0,1,2,3,4,5,6,7,8,9,10,11,12,13,14,15, 0,1,2,3,4,5,6,7,8,9,10,11,12,13,14,15, 30 | 0,1,2,3,4,5,6,7,8,9,10,11,12,13,14,15, 0,1,2,3,4,5,6,7,8,9,10,11,12,13,14,15, 31 | 0,1,2,3,4,5,6,7,8,9,10,11,12,13,14,15, 0,1,2,3,4,5,6,7,8,9,10,11,12,13,14,15, 32 | 0,1,2,3,4,5,6,7,8,9,10,11,12,13,14,15, 0,1,2,3,4,5,6,7,8,9,10,11,12,13,14,15, 33 | 0,1,2,3,4,5,6,7,8,9,10,11,12,13,14,15, 0,1,2,3,4,5,6,7,8,9,10,11,12,13,14,15, 34 | 0,1,2,3,4,5,6,7,8,9,10,11,12,13,14,15, 0,1,2,3,4,5,6,7,8,9,10,11,12,13,14,15, 35 | 0,1,2,3,4,5,6,7,8,9,10,11,12,13,14,15, 0,1,2,3,4,5,6,7,8,9,10,11,12,13,14,15, 36 | 0,1,2,3,4,5,6,7,8,9,10,11,12,13,14,15, 0,1,2,3,4,5,6,7,8,9,10,11,12,13,14,15, 37 | 0,1,2,3,4,5,6,7,8,9,10,11,12,13,14,15, 0,1,2,3,4,5,6,7,8,9,10,11,12,13,14,15, 38 | 0,1,2,3,4,5,6,7,8,9,10,11,12,13,14,15, 0,1,2,3,4,5,6,7,8,9,10,11,12,13,14,15, 39 | 0,1,2,3,4,5,6,7,8,9,10,11,12,13,14,15, 0,1,2,3,4,5,6,7,8,9,10,11,12,13,14,15, 40 | 0,1,2,3,4,5,6,7,8,9,10,11,12,13,14,15, 0,1,2,3,4,5,6,7,8,9,10,11,12,13,14,15, 41 | 0,1,2,3,4,5,6,7,8,9,10,11,12,13,14,15, 0,1,2,3,4,5,6,7,8,9,10,11,12,13,14,15, 42 | 0,1,2,3,4,5,6,7,8,9,10,11,12,13,14,15, 0,1,2,3,4,5,6,7,8,9,10,11,12,13,14,15, 43 | 0,1,2,3,4,5,6,7,8,9,10,11,12,13,14,15, 0,1,2,3,4,5,6,7,8,9,10,11,12,13,14,15, 44 | 0,1,2,3,4,5,6,7,8,9,10,11,12,13,14,15, 0,1,2,3,4,5,6,7,8,9,10,11,12,13,14,15 45 | }; 46 | 47 | void test_pearson_16 (void *buf, unsigned int bufsize) { 48 | char *test_name = "pearson_hash_16"; 49 | 
50 | uint16_t hash = pearson_hash_16(buf, bufsize); 51 | 52 | printf("%s: output = 0x%" PRIx16 "\n", test_name, hash); 53 | 54 | fprintf(stderr, "%s: tested\n", test_name); 55 | printf("\n"); 56 | } 57 | 58 | void test_pearson_32 (void *buf, unsigned int bufsize) { 59 | char *test_name = "pearson_hash_32"; 60 | 61 | uint32_t hash = pearson_hash_32(buf, bufsize); 62 | 63 | printf("%s: output = 0x%" PRIx32 "\n", test_name, hash); 64 | 65 | fprintf(stderr, "%s: tested\n", test_name); 66 | printf("\n"); 67 | } 68 | 69 | void test_pearson_64 (void *buf, unsigned int bufsize) { 70 | char *test_name = "pearson_hash_64"; 71 | 72 | uint64_t hash = pearson_hash_64(buf, bufsize); 73 | 74 | printf("%s: output = 0x%" PRIx64 "\n", test_name, hash); 75 | 76 | fprintf(stderr, "%s: tested\n", test_name); 77 | printf("\n"); 78 | } 79 | 80 | void test_pearson_128 (void *buf, unsigned int bufsize) { 81 | char *test_name = "pearson_hash_128"; 82 | 83 | uint8_t hash[16]; 84 | pearson_hash_128(hash, buf, bufsize); 85 | 86 | printf("%s: output:\n", test_name); 87 | fhexdump(0, hash, sizeof(hash), stdout); 88 | 89 | fprintf(stderr, "%s: tested\n", test_name); 90 | printf("\n"); 91 | } 92 | 93 | void test_pearson_256 (void *buf, unsigned int bufsize) { 94 | char *test_name = "pearson_hash_256"; 95 | 96 | uint8_t hash[32]; 97 | pearson_hash_256(hash, buf, bufsize); 98 | 99 | printf("%s: output:\n", test_name); 100 | fhexdump(0, hash, sizeof(hash), stdout); 101 | 102 | fprintf(stderr, "%s: tested\n", test_name); 103 | printf("\n"); 104 | } 105 | 106 | int main (int argc, char * argv[]) { 107 | pearson_hash_init(); 108 | 109 | char *test_name = "environment"; 110 | printf("%s: input size = 0x%" PRIx64 "\n", test_name, sizeof(PKT_CONTENT)); 111 | fhexdump(0, PKT_CONTENT, sizeof(PKT_CONTENT), stdout); 112 | printf("\n"); 113 | 114 | test_pearson_256(PKT_CONTENT, sizeof(PKT_CONTENT)); 115 | test_pearson_128(PKT_CONTENT, sizeof(PKT_CONTENT)); 116 | test_pearson_64(PKT_CONTENT, 
sizeof(PKT_CONTENT)); 117 | test_pearson_32(PKT_CONTENT, sizeof(PKT_CONTENT)); 118 | test_pearson_16(PKT_CONTENT, sizeof(PKT_CONTENT)); 119 | 120 | return 0; 121 | } 122 | 123 | -------------------------------------------------------------------------------- /uncrustify.cfg: -------------------------------------------------------------------------------- 1 | # Initial rules taken from a quick discussion 2 | # (See https://github.com/ntop/n2n/commit/00159d0d012c6836fd972af1748833eeaf50fa22#commitcomment-57137247) 3 | 4 | # 4 space indention (never use tabs) 5 | indent_columns = 4 6 | indent_with_tabs = 0 7 | indent_switch_case = 4 8 | 9 | # space between name and bracket during function define 10 | sp_func_def_paren = force 11 | sp_func_proto_paren = force 12 | 13 | # no space between name and bracket during call 14 | sp_func_call_paren = remove 15 | 16 | # no space after if and while 17 | sp_before_sparen = remove 18 | #sp_while_paren_open = remove # only in newer uncrustify 19 | 20 | # block-braces as seen above 21 | nl_if_brace = remove 22 | nl_brace_else = remove 23 | nl_elseif_brace = remove 24 | nl_else_brace = remove 25 | #nl_before_opening_brace_func_class_def = remove # only in newer uncrustify 26 | nl_for_brace = remove 27 | nl_while_brace = remove 28 | 29 | # multi-line parameters with indentation under the opening bracket 30 | # looks like this is the default, but might be the following: 31 | #indent_func_call_param = false ? 32 | 33 | # Want to keep var definition alignment 34 | #align_keep_extra_space = true 35 | -------------------------------------------------------------------------------- /wireshark/README.md: -------------------------------------------------------------------------------- 1 | Wireshark Lua plugin to dissect n2n traffic. 2 | 3 | Quick load: 4 | 5 | ``` 6 | wireshark -X lua_script:n2n.lua 7 | ``` 8 | 9 | NOTE: the dissector only decodes traffic on UDP port 50001. 
In order to decode n2n traffic on another UDP port you can use the "Decode As..." function of wireshark. 10 | --------------------------------------------------------------------------------