Import the source

Author: rfc1036

.gitignore

@@ -0,0 +1,3 @@
+*.o
+Makefile.depend
+udptunnel

COPYING

@@ -0,0 +1,36 @@
+prefix = /usr/local
+
+CFLAGS ?= -g -O2
+
+INSTALL ?= install
+PKG_CONFIG ?= pkg-config
+
+ifeq ($(shell $(PKG_CONFIG) --exists libsystemd || echo NO),)
+DEFS += -DHAVE_SYSTEMD_SD_DAEMON_H $(shell $(PKG_CONFIG) --cflags libsystemd)
+LDADD += $(shell $(PKG_CONFIG) --libs libsystemd)
+endif
+
+CPPFLAGS += $(DEFS) $(INCLUDES)
+
+OBJECTS := log.o network.o utils.o udptunnel.o
+
+all: depend udptunnel
+
+install:
+	$(INSTALL) -d $(BASEDIR)$(prefix)/sbin/
+	$(INSTALL) -m 0755 udptunnel $(BASEDIR)$(prefix)/sbin/
+
+clean:
+	rm -f Makefile.depend $(OBJECTS) udptunnel
+
+%.o: %.c
+	$(CC) $(CPPFLAGS) $(CFLAGS) -c $<
+
+udptunnel: $(OBJECTS)
+	$(CC) $(CFLAGS) $(LDFLAGS) -o $@ $^ $(LDADD) $(LIBS)
+
+depend: Makefile.depend
+Makefile.depend:
+	$(CC) $(CPPFLAGS) $(CFLAGS) -MM -MG *.c > $@
+
+-include Makefile.depend

Makefile

@@ -0,0 +1,14 @@
+# Start a test inetd daemon with a command like:
+#  /usr/sbin/inetd -i examples/test-inetd.conf
+#
+# and then try some DNS queries:
+#  dig @127.0.0.1 -p 5335 www.debian.org
+#  dig @127.0.0.1 -p 5336 www.debian.org
+
+# test server
+55443	stream	tcp	nowait	nobody	/usr/sbin/tcpd /usr/local/sbin/udptunnel --inetd --timeout 60 --server 8.8.8.8:53
+
+# test clients
+5335	dgram	udp	wait.2	nobody	/usr/sbin/tcpd /usr/local/sbin/udptunnel --inetd --timeout 60 127.0.0.1:55443
+5336	dgram	udp	wait.2	nobody	/usr/sbin/tcpd /usr/local/sbin/udptunnel --inetd --timeout 60 127.0.0.1:55443
+

examples/test-inetd.conf

@@ -0,0 +1,54 @@
+#!/bin/sh -e
+#
+# This script switches a wireguard tunnel between two endpoints.
+
+WG_IF='wg0'
+WG_PEER_KEY='Jy9syevJmxfBLKQMTazSFvgDeyS2Pv3+laYIDMlquRk='
+
+ENDPOINT_A='198.51.100.1:443'
+ENDPOINT_B='127.0.0.1:25779'
+
+##############################################################################
+wg_get_endpoint() {
+  local if="$1"
+  local key="$2"
+
+  local key_re
+  if [ "$key" ]; then
+    key_re="^$(echo $key | sed -re 's/\+/\\+/g')[[:space:]]"
+  else
+    key_re='.'
+  fi
+
+  [ "$if" -a -e /sys/class/net/$if/ ] || return 0
+  wg show "$if" endpoints | egrep "$key_re" | cut -f 2
+}
+
+wg_set_endpoint() {
+  local if="$1"
+  local peer_key="$2"
+
+  [ "$if" -a -e /sys/class/net/$if/ ] || return 0
+  wg set "$if" peer "$peer_key" endpoint "$3"
+}
+
+##############################################################################
+WG_ENDPOINT="$(wg_get_endpoint $WG_IF $WG_PEER_KEY)"
+
+case "$WG_ENDPOINT" in
+  "")
+    ;;
+  "$ENDPOINT_A")
+    wg_set_endpoint $WG_IF $WG_PEER_KEY $ENDPOINT_B
+    echo "Switched to endpoint $ENDPOINT_B."
+    ;;
+  "$ENDPOINT_B")
+    wg_set_endpoint $WG_IF $WG_PEER_KEY $ENDPOINT_A
+    echo "Switched to endpoint $ENDPOINT_A."
+    ;;
+  *)
+    echo "Unknown endpoint $WG_ENDPOINT!" >&2
+    exit 1
+    ;;
+esac
+

examples/toggle-endpoint

@@ -0,0 +1,29 @@
+[Unit]
+Description=udptunnel client
+Documentation=man:udptunnel(1)
+Requires=udptunnel-client.socket
+
+[Service]
+Type=notify
+Restart=on-failure
+RestartSec=30
+ExecStart=/usr/local/sbin/udptunnel server.example.net:443
+StandardOutput=journal
+StandardError=journal
+DynamicUser=yes
+NoNewPrivileges=yes
+PrivateTmp=yes
+PrivateDevices=yes
+ProtectSystem=strict
+ProtectHome=yes
+ProtectKernelTunables=yes
+ProtectKernelModules=yes
+ProtectControlGroups=yes
+RestrictAddressFamilies=AF_UNIX AF_INET AF_INET6
+RestrictNamespaces=yes
+LockPersonality=yes
+MemoryDenyWriteExecute=yes
+RestrictRealtime=yes
+RemoveIPC=yes
+SystemCallArchitectures=native
+

examples/udptunnel-client.service

@@ -0,0 +1,10 @@
+[Unit]
+Description=Sockets for udptunnel-client
+Documentation=man:udptunnel(1)
+
+[Socket]
+ListenDatagram=127.0.0.1:25779
+
+[Install]
+WantedBy=sockets.target
+

examples/udptunnel-client.socket

@@ -0,0 +1,28 @@
+[Unit]
+Description=udptunnel server
+Documentation=man:udptunnel(1)
+Requires=udptunnel-server.socket
+
+[Service]
+Type=notify
+Restart=on-failure
+ExecStart=/usr/local/sbin/udptunnel --server -v 127.0.0.1:25779
+StandardOutput=journal
+StandardError=journal
+DynamicUser=yes
+NoNewPrivileges=yes
+PrivateTmp=yes
+PrivateDevices=yes
+ProtectSystem=strict
+ProtectHome=yes
+ProtectKernelTunables=yes
+ProtectKernelModules=yes
+ProtectControlGroups=yes
+RestrictAddressFamilies=AF_UNIX AF_INET AF_INET6
+RestrictNamespaces=yes
+LockPersonality=yes
+MemoryDenyWriteExecute=yes
+RestrictRealtime=yes
+RemoveIPC=yes
+SystemCallArchitectures=native
+

examples/udptunnel-server.service

@@ -0,0 +1,11 @@
+[Unit]
+Description=Sockets for udptunnel-server
+Documentation=man:udptunnel(1)
+
+[Socket]
+ListenStream=0.0.0.0:443
+ListenStream=[::]:443
+
+[Install]
+WantedBy=sockets.target
+

examples/udptunnel-server.socket

@@ -0,0 +1,130 @@
+/*
+ * Copyright (C) 2018 Marco d'Itri
+ *
+ * Inspired by log.c from the cowdancer package by James Clarke.
+ *
+ * This program is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 2 of the License, or
+ * (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, write to the Free Software
+ * Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA  02110-1301 USA
+ */
+
+#include <stdio.h>
+#include <stdlib.h>
+#include <unistd.h>
+#include <string.h>
+#include <errno.h>
+#include <syslog.h>
+
+#include "log.h"
+#include "utils.h"
+
+static log_level filter_level = log_info;
+
+/*
+ * Return the appropriate file handle (stdout vs. stderr) for the log level.
+ */
+static FILE *file_for_level(log_level level)
+{
+    if (level & log_stderr || filter_level & log_stderr)
+	return stderr;
+
+    if ((level & LOG_LEVEL_MASK) > log_warning)
+	return stdout;
+    else
+	return stderr;
+}
+
+static void log_doit(log_level level, const char *format, va_list args)
+{
+    static int syslog_initialized;
+
+    if ((level & LOG_LEVEL_MASK) > (filter_level & LOG_LEVEL_MASK))
+	return;
+
+    if (level & log_syslog || filter_level & log_syslog) {
+	if (!syslog_initialized) {
+	    openlog(NULL, LOG_PID, LOG_DAEMON);
+	    syslog_initialized = 1;
+	}
+
+	if (level & log_strerror) {
+	    int len = strlen(format);
+	    char *format2;
+
+	    format2 = NOFAIL(malloc(len + 4 + 1));
+	    strcpy(format2, format);
+	    strcpy(format2 + len, ": %m");
+	    vsyslog(level & LOG_LEVEL_MASK, format2, args);
+	    free(format2);
+	} else {
+	    vsyslog(level & LOG_LEVEL_MASK, format, args);
+	}
+	return;
+    }
+
+    vfprintf(file_for_level(level), format, args);
+    if (level & log_strerror)
+	fprintf(file_for_level(level), ": %s", strerror(errno));
+    fprintf(file_for_level(level), "\n");
+}
+
+log_level log_get_filter_level(void)
+{
+    return filter_level;
+}
+
+void log_set_options(log_level filter_level_new)
+{
+    filter_level = filter_level_new;
+}
+
+void log_printf(log_level level, const char *format, ...)
+{
+    va_list args;
+
+    va_start(args, format);
+    log_doit(level, format, args);
+    va_end(args);
+}
+
+void log_printf_exit(int status, log_level level, const char *format, ...)
+{
+    va_list args;
+
+    va_start(args, format);
+    log_doit(level, format, args);
+    va_end(args);
+
+    exit(status);
+}
+
+void log_printf_err(log_level level, const char *format, ...)
+{
+    va_list args;
+
+    va_start(args, format);
+    log_doit(level | log_strerror, format, args);
+    va_end(args);
+}
+
+void log_printf_err_exit(int status, log_level level, const char *format, ...)
+{
+    va_list args;
+
+    va_start(args, format);
+    log_doit(level | log_strerror, format, args);
+    va_end(args);
+
+    exit(status);
+}
+