Initial import

CMakeLists.txt

@@ -0,0 +1,99 @@
+cmake_minimum_required(VERSION 2.6)
+project(BADVPN C)
+
+set(CMAKE_MODULE_PATH "${CMAKE_SOURCE_DIR}/cmake/modules")
+
+include(TestBigEndian)
+include(CheckIncludeFiles)
+
+find_package(OpenSSL REQUIRED)
+set(LIBCRYPTO_INCLUDE_DIRS "${OpenSSL_INCLUDE_DIRS}")
+set(LIBCRYPTO_LIBRARY_DIRS "${OpenSSL_LIBRARY_DIRS}")
+set(LIBCRYPTO_LIBRARIES "${OpenSSL_LIBRARIES}")
+
+find_package(NSPR REQUIRED)
+find_package(NSS REQUIRED)
+
+include_directories(
+    ${CMAKE_CURRENT_SOURCE_DIR}
+    ${LIBCRYPTO_INCLUDE_DIRS}
+    ${NSPR_INCLUDE_DIRS}
+    ${NSS_INCLUDE_DIRS}
+)
+
+link_directories(
+    ${LIBCRYPTO_LIBRARY_DIRS}
+    ${NSPR_LIBRARY_DIRS}
+    ${NSS_LIBRARY_DIRS}
+)
+
+test_big_endian(BIG_ENDIAN)
+
+add_definitions(-std=gnu99 -Werror=implicit-function-declaration -Wno-unused-value -Wno-parentheses -Wno-switch-enum)
+
+# platform-specific stuff
+if (WIN32)
+    add_definitions(-DBADVPN_USE_WINAPI -D_WIN32_WINNT=0x501 -DWIN32_LEAN_AND_MEAN)
+else ()
+    link_libraries(rt)
+
+    check_include_files(sys/signalfd.h HAVE_SYS_SIGNALFD_H)
+    if (NOT ${HAVE_SYS_SIGNALFD_H})
+        message(FATAL_ERROR "signalfd is required")
+    endif ()
+
+    check_include_files(sys/epoll.h HAVE_SYS_EPOLL_H)
+    if (NOT ${HAVE_SYS_EPOLL_H})
+        message(FATAL_ERROR "epoll is required")
+    endif ()
+
+    if (NOT DEFINED BADVPN_WITHOUT_CRYPTODEV)
+        check_include_files(crypto/cryptodev.h HAVE_CRYPTO_CRYPTODEV_H)
+        if (${HAVE_CRYPTO_CRYPTODEV_H})
+            add_definitions(-DBADVPN_USE_CRYPTODEV)
+        elseif (DEFINED BADVPN_WITH_CRYPTODEV)
+            message(FATAL_ERROR "crypto/cryptodev.h not found")
+        endif ()
+    endif ()
+endif ()
+
+# add preprocessor definitions
+if (${BIG_ENDIAN})
+    add_definitions(-DBADVPN_BIG_ENDIAN)
+else ()
+    add_definitions(-DBADVPN_LITTLE_ENDIAN)
+endif ()
+
+# install man pages
+install(
+    FILES badvpn.7
+    DESTINATION share/man/man7
+)
+install(
+    FILES badvpn-server.8 badvpn-client.8
+    DESTINATION share/man/man8
+)
+
+# internal libraries
+add_subdirectory(system)
+add_subdirectory(flow)
+add_subdirectory(tuntap)
+add_subdirectory(predicate)
+add_subdirectory(nspr_support)
+add_subdirectory(server_connection)
+add_subdirectory(listener)
+
+# example programs
+add_subdirectory(examples)
+
+# tests
+add_subdirectory(tests)
+
+# server
+add_subdirectory(server)
+
+# client
+add_subdirectory(client)
+
+# flooder
+add_subdirectory(flooder)

INSTALL

@@ -0,0 +1,73 @@
+1 Requirements
+
+1.1 Operating system
+
+Linux:
+- kernel version >=2.6.22 (for epoll and signalfd)
+- glibc >=2.8 (for epoll and signalfd)
+- tested on x86, x86_64 and ARM architectures. Not tested on any big-endian architecture.
+
+Windows:
+- Windows XP or newer; tested on Windows XP and Windows 7
+
+Other systems are not supported.
+
+1.2 Compilers
+
+Linux:
+  - gcc
+  - clang
+
+Windows:
+  - gcc from the mingw-w64 project for 32-bit targets
+  - clang, properly built with mingw-w64, using mingw headers/libs
+
+C language features used:
+  - Standard (all part of C99):
+    - designated initializers
+    - variable length arrays as automatic variables
+    - stdint.h, inttypes.h, stddef.h
+    - intermingled declarations and code
+    - for loop initial declaration
+    - one-line "//" comments
+  - Extensions:
+    - statements and declarations in expressions
+    - packed structure attribute (to pack a structure and allow unaligned access)
+    - __alignof__ for querying the required alignment of types
+
+1.3 CMake
+
+The build system uses CMake.
+
+1.4 OpenSSL
+
+Libcrypto (part of OpenSSL) is used for block ciphers, hash functions and random data generation.
+
+1.5 Network Security Services (NSS)
+
+The NSS library from Mozilla is used for TLS support. NSS command-line tools are also needed
+for setting up certificates.
+
+1.6 TAP-Win32 (Windows only) (runtime only)
+
+The TAP-Win32 driver, part of OpenVPN.
+
+2 Compilation
+
+2.1 Compiling on Linux
+
+$ tar xf badvpn-<version>.tar.bz2
+$ mkdir build
+$ cd build
+$ cmake ../badvpn-<version> -DCMAKE_INSTALL_PREFIX=/usr/local
+$ make
+If you want to install it, run as root:
+# make install
+
+2.2 Compiling for Windows
+
+See the file INSTALL-WINDOWS for detailed instructions.
+
+3 Usage
+
+See the documentation in the man pages (badvpn(7), badvpn-server(8), badvpn-client(8)).

INSTALL-WINDOWS

@@ -0,0 +1,129 @@
+It is possible to compile BadVPN on Windows natively or to cross-compile from Linux
+(but you need Windows to compile NSS).
+
+Here are detailed instructions:
+
+- Get a gcc compiler for compiling 32-bit Windows programs from the mingw-w64 project:
+
+    - If you are compiling BadVPN from Linux:
+
+        Download (for Linux x86_64)
+            http://sourceforge.net/projects/mingw-w64/files/Toolchains%20targetting%20Win32/Personal%20Builds/sezero_20101003/mingw-w32-bin_x86_64-linux_20101003_sezero.tar.gz/download
+        or (for Linux x86)
+            http://sourceforge.net/projects/mingw-w64/files/Toolchains%20targetting%20Win32/Personal%20Builds/sezero_20101003/mingw-w32-bin_i686-linux_20101003_sezero.tar.gz/download .
+
+        Extract it to /home/<user>/mingw so that you have /home/<user>/mingw/cross_win32.
+
+    - If you are compiling BadVPN from Windows:
+
+        Download
+            http://sourceforge.net/projects/mingw-w64/files/Toolchains%20targetting%20Win32/Personal%20Builds/sezero_20101003/mingw-w32-bin_i686-mingw_20101003_sezero.zip/download .
+
+        Extract it to c:\ and rename it from "mingw32" to "mingw" so that you have C:\mingw\bin.
+        Be sure not to overwrite something. It really must be called "mingw" because cmake looks there.
+
+- Create a folder where build dependencies will be stored. Make sure it doesn't have spaces in its path.
+  Call it <root>.
+
+- Build required libraries:
+
+  - OpenSSL:
+    - If you are compiling BadVPN from Linux:
+      (This is for building OpenSSL with GCC. It is also possible to build it with MSVC from Windows; see below.)
+      (This should also work in Windows under Cygwin with the Cygwin build of mingw-w64.)
+
+      Download the OpenSSL source code. Extract it. Open a shell in the source dir. Run:
+
+      $ export PATH="${PATH}":/home/<user>/mingw/cross_win32/bin
+      $ perl Configure mingw --cross-compile-prefix=i686-w64-mingw32- --prefix=/ shared disable-capieng
+      $ make depend
+      $ make
+      $ make INSTALL_PREFIX=<root> install
+
+    - If you are compiling BadVPN from Windows:
+      (This is for building OpenSSL with MSVC. It is also possible to build it with GCC from Linux or Cygwin; see above.)
+
+      - Install "Windows SDK for Windows 7" (unless you have Visual Studio) and install at least the headers,
+        libraries and compilers.
+
+      - Install ActivePerl.
+
+      - Download the OpenSSL source code.
+        Extract is somewhere.
+
+      - Open the SDK terminal (Programs -> Microsoft Windows SDK v7.1 -> Windows SDK 7.1 Command Prompt).
+        Enter the OpenSSL source folder.
+        Run:
+
+        > perl Configure VC-WIN32 --prefix=<root> no-asm
+        > ms\do_ms
+        > nmake -f ms\ntdll.mak
+        > nmake -f ms\ntdll.mak install
+
+  - NSS:
+    - You need to build it from Windows.
+
+    - Install "Windows SDK for Windows 7" (unless you have Visual Studio) and install at least the headers,
+      libraries and compilers.
+
+    - Install MozillaBuild:
+        http://ftp.mozilla.org/pub/mozilla.org/mozilla/libraries/win32/MozillaBuildSetup-Latest.exe .
+
+    - Download the NSS source code that includes NSPR. As of the time of writing the latest version is 3.12.8:
+        https://ftp.mozilla.org/pub/mozilla.org/security/nss/releases/NSS_3_12_8_RTM/src/nss-3.12.8-with-nspr-4.8.6.tar.gz .
+
+      Extract it to c:\ so that you have C:\mozilla .
+
+    - Open the SDK terminal (Programs -> Microsoft Windows SDK v7.1 -> Windows SDK 7.1 Command Prompt) and run:
+
+        > c:\mozilla-build\start-l10n.bat
+
+      A new terminal opens. In that terminal, run:
+      (here paths are written as /driveletter/...)
+
+        $ export OS_TARGET=WINNT
+        $ export BUILD_OPT=1
+        $ cd <nss_source_dir>/mozilla/security/nss
+        $ make nss_build_all
+        $ <badvpn_source_dir>/scripts/copy_nss ../../dist <root>
+
+      If you will be compiling BadVPN from Linux, use an empty folder for <root> in the above command,
+      and copy its contents into <root> on the Linux system.
+
+- Compile it:
+  Choose a folder <dest> where the resulting binaries will be copied.
+
+  - If you are compiling BadVPN from Linux:
+
+    Copy <badvpn_source_dir>/scripts/toolchain.cmake to <root>/toolchain.cmake.
+
+    Copy <badvpn_source_dir>/scripts/cmake to <root>/ .
+    In that file, substitute <root> and <user>.
+
+    Create an empty folder, call it <build>, and open a shell in that folder.
+    Now run:
+
+      $ <root>/cmake <path_to_badvpn_source> -DCMAKE_INSTALL_PREFIX=<dest>
+      $ make
+      $ make install
+      $ cp <root>/bin/*.dll <dest>/bin/
+
+  - If you are compiling BadVPN from Windows:
+
+    Install CMake if you don't have it already. Select the option to include cmake in PATH
+    to avoid having to type a long command.
+
+    Create an empty folder, call it <build>, and open a command prompt in that folder.
+    Now run:
+
+      > cmake <badvpn_source_dir> -G "MinGW Makefiles" -DCMAKE_FIND_ROOT_PATH=<root> -DCMAKE_INSTALL_PREFIX=<dest>
+      > c:\mingw\bin\mingw32-make.exe
+      > c:\mingw\bin\mingw32-make.exe install
+      > copy <root>\bin\*.dll <dest>\bin\
+
+- Test it:
+
+  Execute <dest>\bin\badvpn-server.exe (on Windows or with Wine). It should print something like this and wait forever:
+
+    NOTICE(server): initializing BadVPN server <version>
+    NOTICE(server): entering event loop

TODO

@@ -0,0 +1,2 @@
+- in the server, somehow handle when a peer message is discarded
+- detect non-working link and try more addresses