search:
summary | log | graphiclog1 | graphiclog2 | commit | commitdiff | tree | refs | edit | fork
blame | history | raw | HEAD
trafgen: comment out unimplemented functions
[netsniff-ng.git] / src / curvetun.c
blob0978af4ef940de8a084871652acc9b35b8bb45d5
1 /*
2 * curvetun - the cipherspace wormhole creator
3 * Part of the netsniff-ng project
4 * By Daniel Borkmann <daniel@netsniff-ng.org>
5 * Copyright 2011 Daniel Borkmann <dborkma@tik.ee.ethz.ch>,
6 * Copyright 2011 Emmanuel Roullit.
7 * Subject to the GPL, version 2.
8 *
9 * This is curvetun, a lightweight, high-speed ECDH multiuser IP tunnel for
10 * Linux that is based on epoll(2). curvetun uses the Linux TUN/TAP interface
11 * and supports {IPv4,IPv6} over {IPv4,IPv6} with UDP or TCP as carrier
12 * protocols. It has an integrated packet forwarding trie, thus multiple
13 * users with different IPs can be handled via a single tunnel device on the
14 * server side and flows are scheduled for processing in a CPU-local manner.
15 * For transmission, packets are being compressed and encrypted by both, the
16 * client and the server side. As an appropriate key management, public-key
17 * cryptography based on elliptic curves are being used and packets are
18 * encrypted by a symmetric stream cipher (Salsa20) and authenticated by a MAC
19 * (Poly1305), where keys have previously been computed with the ECDH key
20 * agreement protocol (Curve25519). Cryptography is based on Daniel J.
21 * Bernsteins Networking and Cryptography library (NaCl).
22 *
23 * He used often to say there was only one Road; that it was like a great
24 * river: it's springs were at every doorstep and every path was it's
25 * tributary. "It's a dangerous business, Frodo, going out of your door,"
26 * he used to say. "You step into the Road, and if you don't keep your
27 * feet, there is no telling where you might be swept off to."
28 *
29 * -- The Lord of the Rings, Frodo about his uncle Bilbo Baggins,
30 * Chapter 'Three is Company'.
31 */
32
33 /*
34
35 =head1 NAME
36
37 curvetun - lightweight curve25519-based multiuser IP tunnel
38
39 =head1 SYNOPSIS
40
41 curvetun [-d|--dev <tun>][-x|--export][-C|--dumpc][-S|--dumps]
42 [-k|--keygen][-c|--client [<alias>]][-s|--server][-N|--no-logging]
43 [-p|--port <num>][-t|--stun <server>][-4|--ipv4][-6|--ipv6]
44 [-v|--version][-h|--help]
45
46 =head1 DESCRIPTION
47
48 curvetun embeds a client and a server to build and manage multiuser
49 IP tunnels using Elliptic Curve Cryptography (ECC)
50
51 =head1 EXAMPLES
52
53 =over
54
55 =item curvetun --keygen
56
57 Generate public/private keypair. This needs to be done before
58 to get things started.
59
60 =item curvetun --export
61
62 Export public data to remote servers
63
64 =item curvetun --server -4 -u -N --port 6666 --stun stunserver.org
65
66 Start a UDP IPv4 curvetun server on port 6666.
67 Use stunserver.org as STUN server.
68
69 =item curvetun --client=ethz
70
71 Start curvetun client using the profile called 'ethz'
72
73 =back
74
75 =head1 OPTIONS
76
77 =over
78
79 =item -k|--keygen
80
81 Generate public/private keypair.
82
83 =item -x|--export
84
85 Export your public data for remote servers.
86
87 =item -C|--dumpc
88
89 Dump parsed clients.
90
91 =item -S|--dumps
92
93 Dump parsed servers.
94
95 =item -D|--nofork
96
97 Do not daemonize.
98
99 =item -d|--dev <tun>
100
101 Networking tunnel device, e.g. tun0.
102
103 =item -c|--client [<alias>]
104
105 Client mode, server alias optional.
106
107 =item -s|--server
108
109 Server mode.
110
111 =item -N|--no-logging
112
113 Disable server logging (for better anonymity).
114
115 =item -p|--port <num>
116
117 Port number (mandatory).
118
119 =item -t|--stun <server>
120
121 Show public IP/Port mapping via STUN.
122
123 =item -u|--udp
124
125 Use UDP as carrier instead of TCP.
126
127 =item -4|--ipv4
128
129 Tunnel devices are IPv4.
130
131 =item -6|--ipv6
132
133 Tunnel devices are IPv6.
134
135 =item -v|--version
136
137 Print version.
138
139 =item -h|--help
140
141 Print help text and lists all options.
142
143 =back
144
145 =head1 AUTHOR
146
147 Written by Daniel Borkmann <daniel@netsniff-ng.org> and Emmanuel Roullit <emmanuel@netsniff-ng.org>
148
149 =head1 DOCUMENTATION
150
151 Documentation by Emmanuel Roullit <emmanuel@netsniff-ng.org>
152
153 =head1 BUGS
154
155 Please report bugs to <bugs@netsniff-ng.org>
156
157 =cut
158
159 */
160
161 #define _GNU_SOURCE
162 #include <stdio.h>
163 #include <stdlib.h>
164 #include <fcntl.h>
165 #include <string.h>
166 #include <ctype.h>
167 #include <getopt.h>
168 #include <errno.h>
169 #include <stdbool.h>
170 #include <limits.h>
171 #include <sys/types.h>
172 #include <sys/stat.h>
173 #include <sys/socket.h>
174 #include <sys/ptrace.h>
175 #include <netinet/in.h>
176 #include <unistd.h>
177 #include <signal.h>
178
179 #include "xutils.h"
180 #include "die.h"
181 #include "xmalloc.h"
182 #include "curvetun.h"
183 #include "curve.h"
184 #include "ct_usermgmt.h"
185 #include "ct_servmgmt.h"
186 #include "xio.h"
187 #include "tprintf.h"
188 #include "crypto_verify_32.h"
189 #include "crypto_box_curve25519xsalsa20poly1305.h"
190 #include "crypto_scalarmult_curve25519.h"
191 #include "crypto_auth_hmacsha512256.h"
192
193 #define CURVETUN_ENTROPY_SOURCE "/dev/random"
194
195 extern void print_stun_probe(char *server, uint16_t sport, uint16_t tunport);
196
197 enum working_mode {
198 MODE_UNKNOW,
199 MODE_KEYGEN,
200 MODE_EXPORT,
201 MODE_DUMPC,
202 MODE_DUMPS,
203 MODE_CLIENT,
204 MODE_SERVER,
205 };
206
207 volatile sig_atomic_t sigint = 0;
208
209 static const char *short_options = "kxc::svhp:t:d:uCS46DN";
210
211 static struct option long_options[] = {
212 {"client", optional_argument, 0, 'c'},
213 {"dev", required_argument, 0, 'd'},
214 {"port", required_argument, 0, 'p'},
215 {"stun", required_argument, 0, 't'},
216 {"keygen", no_argument, 0, 'k'},
217 {"export", no_argument, 0, 'x'},
218 {"dumpc", no_argument, 0, 'C'},
219 {"dumps", no_argument, 0, 'S'},
220 {"no-logging", no_argument, 0, 'N'},
221 {"server", no_argument, 0, 's'},
222 {"udp", no_argument, 0, 'u'},
223 {"ipv4", no_argument, 0, '4'},
224 {"ipv6", no_argument, 0, '6'},
225 {"nofork", no_argument, 0, 'D'},
226 {"version", no_argument, 0, 'v'},
227 {"help", no_argument, 0, 'h'},
228 {0, 0, 0, 0}
229 };
230
231 static void signal_handler(int number)
232 {
233 switch (number) {
234 case SIGINT:
235 sigint = 1;
236 break;
237 default:
238 break;
239 }
240 }
241
242 static void header(void)
243 {
244 printf("%s%s%s\n", colorize_start(bold), "curvetun "
245 VERSION_STRING, colorize_end());
246 }
247
248 static void help(void)
249 {
250 printf("\ncurvetun %s, lightweight curve25519-based multiuser IP tunnel\n",
251 VERSION_STRING);
252 printf("http://www.netsniff-ng.org\n\n");
253 printf("Usage: curvetun [options]\n");
254 printf("Options, general:\n");
255 printf(" -k|--keygen Generate public/private keypair\n");
256 printf(" -x|--export Export your public data for remote servers\n");
257 printf(" -C|--dumpc Dump parsed clients\n");
258 printf(" -S|--dumps Dump parsed servers\n");
259 printf(" -D|--nofork Do not daemonize\n");
260 printf(" -d|--dev <tun> Networking tunnel device, e.g. tun0\n");
261 printf(" -v|--version Print version\n");
262 printf(" -h|--help Print this help\n");
263 printf("Options for client:\n");
264 printf(" -c|--client[=alias] Client mode, server alias optional\n");
265 printf("Options for servers:\n");
266 printf(" -s|--server Server mode\n");
267 printf(" -N|--no-logging Disable server logging (for better anonymity)\n");
268 printf(" -p|--port <num> Port number (mandatory)\n");
269 printf(" -t|--stun <server> Show public IP/Port mapping via STUN\n");
270 printf(" -u|--udp Use UDP as carrier instead of TCP\n");
271 printf(" -4|--ipv4 Tunnel devices are IPv4\n");
272 printf(" -6|--ipv6 Tunnel devices are IPv6\n");
273 printf(" (default: same as carrier protocol)\n");
274 printf("\n");
275 printf("Example:\n");
276 printf(" See Documentation/Curvetun for a configuration example.\n");
277 printf(" curvetun --keygen\n");
278 printf(" curvetun --export\n");
279 printf(" curvetun --server -4 -u -N --port 6666 --stun stunserver.org\n");
280 printf(" curvetun --client=ethz\n");
281 printf("\n");
282 printf("Note:\n");
283 printf(" There is no default port specified, so that you are forced\n");
284 printf(" to select your own! For client/server status messages see syslog!\n");
285 printf(" This software is an experimental prototype intended for researchers.\n");
286 printf("\n");
287 printf("Secret ingredient: 7647-14-5\n");
288 printf("\n");
289 printf("Please report bugs to <bugs@netsniff-ng.org>\n");
290 printf("Copyright (C) 2011-2012 Daniel Borkmann <dborkma@tik.ee.ethz.ch>,\n");
291 printf("License: GNU GPL version 2\n");
292 printf("This is free software: you are free to change and redistribute it.\n");
293 printf("There is NO WARRANTY, to the extent permitted by law.\n\n");
294 die();
295 }
296
297 static void version(void)
298 {
299 printf("\ncurvetun %s, lightweight curve25519-based multiuser IP tunnel\n",
300 VERSION_STRING);
301 printf("Build: %s\n", BUILD_STRING);
302 printf("http://www.netsniff-ng.org\n\n");
303 printf("Please report bugs to <bugs@netsniff-ng.org>\n");
304 printf("Copyright (C) 2011-2012 Daniel Borkmann <dborkma@tik.ee.ethz.ch>,\n");
305 printf("License: GNU GPL version 2\n");
306 printf("This is free software: you are free to change and redistribute it.\n");
307 printf("There is NO WARRANTY, to the extent permitted by law.\n\n");
308 die();
309 }
310
311 static void check_file_or_die(char *home, char *file, int maybeempty)
312 {
313 char path[PATH_MAX];
314 struct stat st;
315
316 memset(path, 0, sizeof(path));
317 slprintf(path, sizeof(path), "%s/%s", home, file);
318
319 if (stat(path, &st))
320 panic("No such file %s! Type --help for further information\n",
321 path);
322
323 if (!S_ISREG(st.st_mode))
324 panic("%s is not a regular file!\n", path);
325
326 if ((st.st_mode & ~S_IFREG) != (S_IRUSR | S_IWUSR))
327 panic("You have set too many permissions on %s (%o)!\n",
328 path, st.st_mode);
329
330 if (maybeempty == 0 && st.st_size == 0)
331 panic("%s is empty!\n", path);
332 }
333
334 static void check_config_exists_or_die(char *home)
335 {
336 if (!home)
337 panic("No home dir specified!\n");
338
339 check_file_or_die(home, FILE_CLIENTS, 1);
340 check_file_or_die(home, FILE_SERVERS, 1);
341 check_file_or_die(home, FILE_PRIVKEY, 0);
342 check_file_or_die(home, FILE_PUBKEY, 0);
343 check_file_or_die(home, FILE_USERNAM, 0);
344 }
345
346 static char *fetch_home_dir(void)
347 {
348 char *home = getenv("HOME");
349 if (!home)
350 panic("No HOME defined!\n");
351 return home;
352 }
353
354 static void write_username(char *home)
355 {
356 int fd, ret;
357 char path[PATH_MAX], *eof;
358 char user[512];
359
360 memset(path, 0, sizeof(path));
361 slprintf(path, sizeof(path), "%s/%s", home, FILE_USERNAM);
362
363 printf("Username: [%s] ", getenv("USER"));
364 fflush(stdout);
365
366 memset(user, 0, sizeof(user));
367 eof = fgets(user, sizeof(user), stdin);
368 user[sizeof(user) - 1] = 0;
369 user[strlen(user) - 1] = 0; /* omit last \n */
370 if (strlen(user) == 0)
371 strlcpy(user, getenv("USER"), sizeof(user));
372
373 fd = open_or_die_m(path, O_WRONLY | O_CREAT | O_TRUNC, S_IRUSR | S_IWUSR);
374
375 ret = write(fd, user, strlen(user));
376 if (ret != strlen(user))
377 panic("Could not write username!\n");
378
379 close(fd);
380
381 printf("Username written to %s!\n", path);
382 }
383
384 static void create_curvedir(char *home)
385 {
386 int ret;
387 char path[PATH_MAX];
388
389 memset(path, 0, sizeof(path));
390 slprintf(path, sizeof(path), "%s/%s", home, ".curvetun/");
391
392 errno = 0;
393
394 ret = mkdir(path, S_IRWXU);
395 if (ret < 0 && errno != EEXIST)
396 panic("Cannot create curvetun dir!\n");
397
398 printf("curvetun directory %s created!\n", path);
399 /* We also create empty files for clients and servers! */
400
401 memset(path, 0, sizeof(path));
402 slprintf(path, sizeof(path), "%s/%s", home, FILE_CLIENTS);
403
404 create_or_die(path, S_IRUSR | S_IWUSR);
405
406 printf("Empty client file written to %s!\n", path);
407
408 memset(path, 0, sizeof(path));
409 slprintf(path, sizeof(path), "%s/%s", home, FILE_SERVERS);
410
411 create_or_die(path, S_IRUSR | S_IWUSR);
412
413 printf("Empty server file written to %s!\n", path);
414 }
415
416 static void create_keypair(char *home)
417 {
418 int fd, err = 0;
419 ssize_t ret;
420 unsigned char publickey[crypto_box_curve25519xsalsa20poly1305_PUBLICKEYBYTES] = { 0 };
421 unsigned char secretkey[crypto_box_curve25519xsalsa20poly1305_SECRETKEYBYTES] = { 0 };
422 char path[PATH_MAX];
423 const char * errstr = NULL;
424
425 printf("Reading from %s (this may take a while) ...\n", CURVETUN_ENTROPY_SOURCE);
426
427 fd = open_or_die(CURVETUN_ENTROPY_SOURCE, O_RDONLY);
428
429 ret = read_exact(fd, secretkey, sizeof(secretkey), 0);
430 if (ret != sizeof(secretkey)) {
431 err = EIO;
432 errstr = "Cannot read from "CURVETUN_ENTROPY_SOURCE"!\n";
433 goto out;
434 }
435
436 close(fd);
437
438 crypto_scalarmult_curve25519_base(publickey, secretkey);
439
440 memset(path, 0, sizeof(path));
441 slprintf(path, sizeof(path), "%s/%s", home, FILE_PUBKEY);
442
443 fd = open(path, O_WRONLY | O_CREAT | O_TRUNC, S_IRUSR | S_IWUSR);
444 if (fd < 0) {
445 err = EIO;
446 errstr = "Cannot open pubkey file!\n";
447 goto out;
448 }
449
450 ret = write(fd, publickey, sizeof(publickey));
451 if (ret != sizeof(publickey)) {
452 err = EIO;
453 errstr = "Cannot write public key!\n";
454 goto out;
455 }
456
457 close(fd);
458
459 printf("Public key written to %s!\n", path);
460
461 memset(path, 0, sizeof(path));
462 slprintf(path, sizeof(path), "%s/%s", home, FILE_PRIVKEY);
463
464 fd = open(path, O_WRONLY | O_CREAT | O_TRUNC, S_IRUSR | S_IWUSR);
465 if (fd < 0) {
466 err = EIO;
467 errstr = "Cannot open privkey file!\n";
468 goto out;
469 }
470
471 ret = write(fd, secretkey, sizeof(secretkey));
472 if (ret != sizeof(secretkey)) {
473 err = EIO;
474 errstr = "Cannot write private key!\n";
475 goto out;
476 }
477 out:
478 close(fd);
479
480 xmemset(publickey, 0, sizeof(publickey));
481 xmemset(secretkey, 0, sizeof(secretkey));
482
483 if (err)
484 panic("%s: %s", errstr, strerror(errno));
485 else
486 printf("Private key written to %s!\n", path);
487 }
488
489 static void check_config_keypair_or_die(char *home)
490 {
491 int fd, err;
492 ssize_t ret;
493 const char * errstr = NULL;
494 unsigned char publickey[crypto_box_curve25519xsalsa20poly1305_PUBLICKEYBYTES];
495 unsigned char publicres[crypto_box_curve25519xsalsa20poly1305_PUBLICKEYBYTES];
496 unsigned char secretkey[crypto_box_curve25519xsalsa20poly1305_SECRETKEYBYTES];
497 char path[PATH_MAX];
498
499 memset(path, 0, sizeof(path));
500 slprintf(path, sizeof(path), "%s/%s", home, FILE_PRIVKEY);
501
502 fd = open(path, O_RDONLY);
503 if (fd < 0) {
504 err = EIO;
505 errstr = "Cannot open privkey file!\n";
506 goto out;
507 }
508
509 ret = read(fd, secretkey, sizeof(secretkey));
510 if (ret != sizeof(secretkey)) {
511 err = EIO;
512 errstr = "Cannot read private key!\n";
513 goto out;
514 }
515
516 close(fd);
517
518 memset(path, 0, sizeof(path));
519 slprintf(path, sizeof(path), "%s/%s", home, FILE_PUBKEY);
520
521 fd = open(path, O_RDONLY);
522 if (fd < 0) {
523 err = EIO;
524 errstr = "Cannot open pubkey file!\n";
525 goto out;
526 }
527
528 ret = read(fd, publickey, sizeof(publickey));
529 if (ret != sizeof(publickey)) {
530 err = EIO;
531 errstr = "Cannot read public key!\n";
532 goto out;
533 }
534
535 crypto_scalarmult_curve25519_base(publicres, secretkey);
536
537 err = crypto_verify_32(publicres, publickey);
538 if (err) {
539 err = EINVAL;
540 errstr = "WARNING: your keypair is corrupted!!! You need to "
541 "generate new keys!!!\n";
542 goto out;
543 }
544 out:
545 close(fd);
546
547 xmemset(publickey, 0, sizeof(publickey));
548 xmemset(publicres, 0, sizeof(publicres));
549 xmemset(secretkey, 0, sizeof(secretkey));
550
551 if (err)
552 panic("%s: %s\n", errstr, strerror(errno));
553 }
554
555 static int main_keygen(char *home)
556 {
557 create_curvedir(home);
558 write_username(home);
559 create_keypair(home);
560 check_config_keypair_or_die(home);
561
562 return 0;
563 }
564
565 static int main_export(char *home)
566 {
567 int fd, i;
568 ssize_t ret;
569 char path[PATH_MAX], tmp[64];
570
571 check_config_exists_or_die(home);
572 check_config_keypair_or_die(home);
573
574 printf("Your exported public information:\n\n");
575
576 memset(path, 0, sizeof(path));
577 slprintf(path, sizeof(path), "%s/%s", home, FILE_USERNAM);
578
579 fd = open_or_die(path, O_RDONLY);
580
581 while ((ret = read(fd, tmp, sizeof(tmp))) > 0) {
582 ret = write(STDOUT_FILENO, tmp, ret);
583 }
584
585 close(fd);
586
587 printf(";");
588
589 memset(path, 0, sizeof(path));
590 slprintf(path, sizeof(path), "%s/%s", home, FILE_PUBKEY);
591
592 fd = open_or_die(path, O_RDONLY);
593
594 ret = read(fd, tmp, sizeof(tmp));
595 if (ret != crypto_box_curve25519xsalsa20poly1305_PUBLICKEYBYTES)
596 panic("Cannot read public key!\n");
597
598 for (i = 0; i < ret; ++i)
599 if (i == ret - 1)
600 printf("%02x\n\n", (unsigned char) tmp[i]);
601 else
602 printf("%02x:", (unsigned char) tmp[i]);
603
604 close(fd);
605 fflush(stdout);
606
607 return 0;
608 }
609
610 static int main_dumpc(char *home)
611 {
612 check_config_exists_or_die(home);
613 check_config_keypair_or_die(home);
614
615 printf("Your clients:\n\n");
616
617 parse_userfile_and_generate_user_store_or_die(home);
618
619 dump_user_store();
620
621 destroy_user_store();
622
623 printf("\n");
624 die();
625 return 0;
626 }
627
628 static int main_dumps(char *home)
629 {
630 check_config_exists_or_die(home);
631 check_config_keypair_or_die(home);
632
633 printf("Your servers:\n\n");
634
635 parse_userfile_and_generate_serv_store_or_die(home);
636
637 dump_serv_store();
638
639 destroy_serv_store();
640
641 printf("\n");
642 die();
643 return 0;
644 }
645
646 static void daemonize(const char *lockfile)
647 {
648 char pidstr[8];
649 mode_t lperm = S_IRWXU | S_IRGRP | S_IXGRP; /* 0750 */
650 int lfp;
651
652 if (getppid() == 1)
653 return;
654
655 if (daemon(0, 0))
656 panic("Cannot daemonize: %s", strerror(errno));
657
658 umask(lperm);
659 if (lockfile) {
660 lfp = open(lockfile, O_RDWR | O_CREAT | O_EXCL,
661 S_IRUSR | S_IWUSR | S_IRGRP);
662 if (lfp < 0)
663 syslog_panic("Cannot create lockfile at %s! "
664 "curvetun server already running?\n",
665 lockfile);
666
667 slprintf(pidstr, sizeof(pidstr), "%u", getpid());
668 if (write(lfp, pidstr, strlen(pidstr)) <= 0)
669 syslog_panic("Could not write pid to pidfile %s",
670 lockfile);
671
672 close(lfp);
673 }
674 }
675
676 static int main_client(char *home, char *dev, char *alias, int daemon)
677 {
678 int ret, udp;
679 char *host, *port;
680
681 check_config_exists_or_die(home);
682 check_config_keypair_or_die(home);
683
684 parse_userfile_and_generate_serv_store_or_die(home);
685
686 get_serv_store_entry_by_alias(alias, alias ? strlen(alias) + 1 : 0,
687 &host, &port, &udp);
688 if (!host || !port || udp < 0)
689 panic("Did not find alias/entry in configuration!\n");
690
691 printf("Using [%s] -> %s:%s via %s as endpoint!\n",
692 alias ? : "default", host, port, udp ? "udp" : "tcp");
693 if (daemon)
694 daemonize(NULL);
695
696 ret = client_main(home, dev, host, port, udp);
697
698 destroy_serv_store();
699
700 return ret;
701 }
702
703 static int main_server(char *home, char *dev, char *port, int udp,
704 int ipv4, int daemon, int log)
705 {
706 int ret;
707
708 check_config_exists_or_die(home);
709 check_config_keypair_or_die(home);
710
711 if (daemon)
712 daemonize(LOCKFILE);
713
714 ret = server_main(home, dev, port, udp, ipv4, log);
715
716 unlink(LOCKFILE);
717
718 return ret;
719 }
720
721 int main(int argc, char **argv)
722 {
723 int ret = 0, c, opt_index, udp = 0, ipv4 = -1, daemon = 1, log = 1;
724 char *port = NULL, *stun = NULL, *dev = NULL, *home = NULL, *alias = NULL;
725 enum working_mode wmode = MODE_UNKNOW;
726
727 if (getuid() != geteuid())
728 seteuid(getuid());
729
730 home = fetch_home_dir();
731
732 while ((c = getopt_long(argc, argv, short_options, long_options,
733 &opt_index)) != EOF) {
734 switch (c) {
735 case 'h':
736 help();
737 break;
738 case 'v':
739 version();
740 break;
741 case 'D':
742 daemon = 0;
743 break;
744 case 'N':
745 log = 0;
746 break;
747 case 'C':
748 wmode = MODE_DUMPC;
749 break;
750 case 'S':
751 wmode = MODE_DUMPS;
752 break;
753 case 'c':
754 wmode = MODE_CLIENT;
755 if (optarg) {
756 if (*optarg == '=')
757 optarg++;
758 alias = xstrdup(optarg);
759 }
760 break;
761 case 'd':
762 dev = xstrdup(optarg);
763 break;
764 case 'k':
765 wmode = MODE_KEYGEN;
766 break;
767 case '4':
768 ipv4 = 1;
769 break;
770 case '6':
771 ipv4 = 0;
772 break;
773 case 'x':
774 wmode = MODE_EXPORT;
775 break;
776 case 's':
777 wmode = MODE_SERVER;
778 break;
779 case 'u':
780 udp = 1;
781 break;
782 case 't':
783 stun = xstrdup(optarg);
784 break;
785 case 'p':
786 port = xstrdup(optarg);
787 break;
788 case '?':
789 switch (optopt) {
790 case 't':
791 case 'd':
792 case 'u':
793 case 'p':
794 panic("Option -%c requires an argument!\n",
795 optopt);
796 default:
797 if (isprint(optopt))
798 whine("Unknown option character "
799 "`0x%X\'!\n", optopt);
800 die();
801 }
802 default:
803 break;
804 }
805 }
806
807 if (argc < 2)
808 help();
809
810 register_signal(SIGINT, signal_handler);
811 register_signal(SIGHUP, signal_handler);
812 register_signal(SIGTERM, signal_handler);
813 register_signal(SIGPIPE, signal_handler);
814
815 header();
816
817 curve25519_selftest();
818
819 switch (wmode) {
820 case MODE_KEYGEN:
821 ret = main_keygen(home);
822 break;
823 case MODE_EXPORT:
824 ret = main_export(home);
825 break;
826 case MODE_DUMPC:
827 ret = main_dumpc(home);
828 break;
829 case MODE_DUMPS:
830 ret = main_dumps(home);
831 break;
832 case MODE_CLIENT:
833 ret = main_client(home, dev, alias, daemon);
834 break;
835 case MODE_SERVER:
836 if (!port)
837 panic("No port specified!\n");
838 if (stun)
839 print_stun_probe(stun, 3478, strtoul(port, NULL, 10));
840 ret = main_server(home, dev, port, udp, ipv4, daemon, log);
841 break;
842 default:
843 die();
844 }
845
846 if (dev)
847 xfree(dev);
848 if (stun)
849 xfree(stun);
850 if (port)
851 xfree(port);
852 if (alias)
853 xfree(alias);
854
855 return ret;
856 }
netsniff-ng toolkit, the packet sniffing beast, staging tree