From: Sergey Matveev Date: Thu, 7 Jul 2016 08:41:40 +0000 (+0300) Subject: Merge branch 'develop' X-Git-Tag: 5.9^0 X-Git-Url: http://www.git.cypherpunks.ru/?p=govpn.git;a=commitdiff_plain;h=0eee0e5c5315d5c0bf6004578783ba08bcda566b;hp=4cc7cf27a64355bbe1f64418a55e860baeb63ac0 Merge branch 'develop' --- diff --git a/VERSION b/VERSION index 3659ea2..95ee81a 100644 --- a/VERSION +++ b/VERSION @@ -1 +1 @@ -5.8 +5.9 diff --git a/doc/client.texi b/doc/client.texi index d3a7f41..58dc74b 100644 --- a/doc/client.texi +++ b/doc/client.texi @@ -37,6 +37,9 @@ to enter it in the terminal. @item -timeout @ref{Timeout} setting in seconds. +@item -noreconnect +Disable reconnection after timeout. + @item -timesync Optional @ref{Timesync, time synchronization} requirement. If set to zero, then no synchronization required. diff --git a/doc/download.texi b/doc/download.texi index 721e4f9..b8c8aaf 100644 --- a/doc/download.texi +++ b/doc/download.texi @@ -1,11 +1,16 @@ @node Tarballs @section Prepared tarballs -You can obtain releases source code prepared tarballs from the links below: +You can obtain releases source code prepared tarballs from the links below +(or use @url{https://sourceforge.net/projects/govpn/files/, Sourceforge mirror}): @multitable {XXXXX} {XXXX KiB} {link sign} {xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx} @headitem Version @tab Size @tab Tarball @tab SHA256 checksum +@item @ref{Release 5.8, 5.8} @tab 312 KiB +@tab @url{download/govpn-5.8.tar.xz, link} @url{download/govpn-5.8.tar.xz.sig, sign} +@tab @code{a730dc3bbb97bc412a80f529b0f3043e70d011387f5d579cbd2e29964ddf94f4} + @item @ref{Release 5.7, 5.7} @tab 312 KiB @tab @url{download/govpn-5.7.tar.xz, link} @url{download/govpn-5.7.tar.xz.sig, sign} @tab @code{17a8a223e2d9d4fd537f8de802bc6c72f16ebf8a8c5430e3fbf045c304f9dfec} diff --git a/doc/index.texi b/doc/index.texi index e8b91e8..b962eac 100644 --- a/doc/index.texi +++ b/doc/index.texi 
@@ -28,6 +28,7 @@ A copy of the license is included in the section entitled "Copying conditions". @menu * Frequently Asked Questions: FAQ. * News:: +* Modes of operation:: * Информация на русском: Русский. * Installation:: * Precautions:: @@ -41,6 +42,7 @@ A copy of the license is included in the section entitled "Copying conditions". @include faq.texi @include news.texi +@include modes.texi @include russian.texi @include installation.texi @include precautions.texi diff --git a/doc/modes.ru.texi b/doc/modes.ru.texi new file mode 100644 index 0000000..5727799 --- /dev/null +++ b/doc/modes.ru.texi 
@@ -0,0 +1,111 @@ +@node Режимы работы +@section Режимы работы + +Есть три режима работы и два режима обеспечения конфиденциальности данных. + +Три режима работы предоставляют компромиссы между потреблением ресурсов +и эффективностью. + +@table @asis + +@item Режим по-умолчанию. + +Пакеты с данными зашифрованы и аутентифицированы и посылаются сразу же. +Это наиболее эффективный режим с минимальными накладными расходами и +задержками. + +@verbatim + +-----------+ +-----+ +---------+ +------+ + | DATA | |DATA | | DATA | | DATA | + +-----------+ +-----+ +---------+ +------+ + +---------------------------------------------------------------------------------------> t +@end verbatim + +@item @ref{Noise, Шумовой} режим. + +Этот режим прячет длины пакетов. Как правило, он потребляет больше +трафика. + +@verbatim + +------const------+ +------const------+ +------const------+ +/ \ / \ / \ + ++------+------------+ +---------+---------+ +-------------+-----+ +| DATA | NOISE | | DATA | NOISE | | DATA |NOISE| ++------+------------+ +---------+---------+ +-------------+-----+ + +---------------------------------------------------------------------------------------> t +@end verbatim + +@item Режим постоянной @ref{CPR, скорости пакетов}. + +Этот режим ещё и прячет временные характеристики пакетов. Он может +увеличить задержки и вставлять пустые шумовые пакеты. + +@verbatim + +------const------+ +------const------+ +------const------+ +/ \ / \ / \ + ++------+------------+ +---------+---------+ +-------------------+ +| DATA | NOISE |<--const-->| DATA | NOISE |<--const-->| NOISE | ++------+------------+ +---------+---------+ +-------------------+ + +---------------------------------------------------------------------------------------> t +@end verbatim + +@end table + +Режимы обеспечения конфиденциальности также являются компромиссом между +эффективностью и потреблением ресурсов. + +@table @asis + +@item @ref{Transport, Стандартный} режим. 
+ +Шифрование и аутентификация производятся используя хорошо известные +алгоритмы. Это очень эффективный режим. Он генерирует пакеты неотличимые +от шума. + +@verbatim ++---------------------------------------------------------+ +| PACKET | +| | +| +-----+ +---------------------------+ +-------+ | +| | TAG |/ CIPHERTEXT \ / NONCE \ | +| +-----+|-----------------------------||-----------| | +| | || | | ++---------------------------------------------------------+ + | || | + |-----------------------------||-----------| + | ENCRYPTION || MAC | + +------------+---+------------++-----------+ + | DATA |PAD| ZEROS || SERIAL | + +------------+---+------------++-----------+ +@end verbatim + +@item @ref{Encless, Нешифрованный} режим. + +Этот режим не использует какие-либо функции шифрования. Вместо этого +используется Chaffing-and-Winnowing кодирование поверх AONT +(всё-или-ничего) пакета данных. Этот режим потребляет ощутимо больше +ресурсов и трафика. Он также генерирует неотличимые от шума пакеты. + +@verbatim ++----------------------------------------------------+ +| PACKET | +| | +| +---------------------------+ +---------+ | +| / CIPHERTEXT \/ NONCE \ | +| |-----------------------------||-----------| | +| | || | | ++----------------------------------------------------+ + | || | + |--------+--------------------||-----------| + |Chaffing| AONT || MAC | + +--------+---+---+------------++-----------+ + | DATA |PAD| ZEROS || SERIAL | + +------------+---+------------++-----------+ +@end verbatim + +@end table diff --git a/doc/modes.texi b/doc/modes.texi new file mode 100644 index 0000000..e3a2fc0 --- /dev/null +++ b/doc/modes.texi 
@@ -0,0 +1,112 @@ +@node Modes of operation +@unnumbered Modes of operation + +See also this page @ref{Режимы работы, on russian}. + +There are three modes of operation and two modes of data confidentiality +protection. + +Three modes of operation provide various trade-off between +resource-consumption and effectiveness. + +@table @asis + +@item Default mode. + +Data packets are encrypted and authenticated and sent immediately. This +is the most effective mode with minimal overhead and delays. + +@verbatim + +-----------+ +-----+ +---------+ +------+ + | DATA | |DATA | | DATA | | DATA | + +-----------+ +-----+ +---------+ +------+ + +---------------------------------------------------------------------------------------> t +@end verbatim + +@item @ref{Noise} mode. + +This mode hides packet's lengths. It consumes more traffic as a rule. + +@verbatim + +------const------+ +------const------+ +------const------+ +/ \ / \ / \ + ++------+------------+ +---------+---------+ +-------------+-----+ +| DATA | NOISE | | DATA | NOISE | | DATA |NOISE| ++------+------------+ +---------+---------+ +-------------+-----+ + +---------------------------------------------------------------------------------------> t +@end verbatim + +@item @ref{CPR} mode. + +This mode also hides packets timestamps. It can increase delays and +insert dummy noised packets. + +@verbatim + +------const------+ +------const------+ +------const------+ +/ \ / \ / \ + ++------+------------+ +---------+---------+ +-------------------+ +| DATA | NOISE |<--const-->| DATA | NOISE |<--const-->| NOISE | ++------+------------+ +---------+---------+ +-------------------+ + +---------------------------------------------------------------------------------------> t +@end verbatim + +@end table + +Confidentiality protection modes are also trade-off between +effectiveness and resource-consumption. + +@table @asis + +@item @ref{Transport, Default} mode. + +Encryption and authentication is done using well-known algorithms. 
This +is very effective mode. It generates packets undistinguishable from the +noise. + +@verbatim ++---------------------------------------------------------+ +| PACKET | +| | +| +-----+ +---------------------------+ +-------+ | +| | TAG |/ CIPHERTEXT \ / NONCE \ | +| +-----+|-----------------------------||-----------| | +| | || | | ++---------------------------------------------------------+ + | || | + |-----------------------------||-----------| + | ENCRYPTION || MAC | + +------------+---+------------++-----------+ + | DATA |PAD| ZEROS || SERIAL | + +------------+---+------------++-----------+ +@end verbatim + +@item @ref{Encless, Encryptionless} mode. + +This mode does not use any encryption function. Chaffing-and-Winnowing +encoding is used over AONT (all-or-nothing) package instead. This mode +consumes much more traffic and resources. It also generated +undistinguishable from the noise packets. + +@verbatim ++----------------------------------------------------+ +| PACKET | +| | +| +---------------------------+ +---------+ | +| / CIPHERTEXT \/ NONCE \ | +| |-----------------------------||-----------| | +| | || | | ++----------------------------------------------------+ + | || | + |--------+--------------------||-----------| + |Chaffing| AONT || MAC | + +--------+---+---+------------++-----------+ + | DATA |PAD| ZEROS || SERIAL | + +------------+---+------------++-----------+ +@end verbatim + +@end table diff --git a/doc/news.ru.texi b/doc/news.ru.texi index 6ea4181..a3981d3 100644 --- a/doc/news.ru.texi +++ b/doc/news.ru.texi @@ -1,6 +1,14 @@ @node Новости @section Новости +@node Релиз 5.9 +@subsection Релиз 5.9 +@itemize +@item Клиент переподключается в цикле когда соединение потеряно. +Опционально вы можете отключить это поведение: клиент сразу же выйдет, +как и делал раньше. +@end itemize + @node Релиз 5.8 @subsection Релиз 5.8 @itemize diff --git a/doc/news.texi b/doc/news.texi index f363b84..3fa2169 100644 --- a/doc/news.texi +++ b/doc/news.texi 
@@ -3,6 +3,14 @@ See also this page @ref{Новости, on russian}. +@node Release 5.9 +@section Release 5.9 +@itemize +@item Client reconnects in the loop when connection is lost. Optionally +you can disable that behaviour: client will exit immediately, as it +previously did. +@end itemize + @node Release 5.8 @section Release 5.8 @itemize diff --git a/doc/russian.texi b/doc/russian.texi index ed35584..e671650 100644 --- a/doc/russian.texi +++ b/doc/russian.texi @@ -5,8 +5,10 @@ * О демоне:: * Часто задаваемые вопросы: ЧАВО. * Новости:: +* Режимы работы:: @end menu @include about.ru.texi @include faq.ru.texi @include news.ru.texi +@include modes.ru.texi diff --git a/src/cypherpunks.ru/govpn/cmd/govpn-client/main.go b/src/cypherpunks.ru/govpn/cmd/govpn-client/main.go index 3d8cbe6..98a5b21 100644 --- a/src/cypherpunks.ru/govpn/cmd/govpn-client/main.go +++ b/src/cypherpunks.ru/govpn/cmd/govpn-client/main.go @@ -45,6 +45,7 @@ var ( mtu = flag.Int("mtu", govpn.MTUDefault, "MTU of TAP interface") timeoutP = flag.Int("timeout", 60, "Timeout seconds") timeSync = flag.Int("timesync", 0, "Time synchronization requirement") + noreconnect = flag.Bool("noreconnect", false, "Disable reconnection after timeout") noisy = flag.Bool("noise", false, "Enable noise appending") encless = flag.Bool("encless", false, "Encryptionless mode") cpr = flag.Int("cpr", 0, "Enable constant KiB/sec out traffic rate") @@ -78,6 +79,12 @@ func main() { govpn.EGDInit(*egdPath) } + if *proxyAddr != "" { + *proto = "tcp" + } + if !(*proto == "udp" || *proto == "tcp") { + log.Fatalln("Unknown protocol specified") + } if *verifierRaw == "" { log.Fatalln("No verifier specified") } @@ -139,9 +146,6 @@ MainCycle: timeouted := make(chan struct{}) rehandshaking := make(chan struct{}) termination := make(chan struct{}) - if *proxyAddr != "" { - *proto = "tcp" - } switch *proto { case "udp": go startUDP(timeouted, rehandshaking, termination) 
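Review bot: The new flag variable `noreconnect` in the `var (` block of govpn-client/main.go drops the mixedCaps its neighbours use (`timeoutP`, `timeSync`); `noReconnect = flag.Bool("noreconnect", false, "Disable reconnection after timeout")` keeps the Go naming while leaving the documented flag string unchanged. The help text could also say what the client does instead, e.g. `"Disable reconnection after timeout (exit instead)"`, since that is the behaviour the release notes describe.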
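Review bot: The protocol check moved to the top of main() rejects a bad `-proto` without showing the value that was rejected, so a user who typoed the flag gets no hint; `log.Fatalf("Unknown protocol specified: %q", *proto)` would. The preceding `if *proxyAddr != "" { *proto = "tcp" }` also silently replaces an explicit `-proto udp` when a proxy is given; a one-line notice when the value actually changes, `if *proxyAddr != "" && *proto != "tcp" { log.Println("proxy requires TCP, overriding -proto") }`, would make that visible (the proxy flag's definition is outside the hunk, so its exact name and semantics are inferred). The rest of main() continues outside this hunk.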
@@ -151,8 +155,6 @@ MainCycle:
 } else {
 go startTCP(timeouted, rehandshaking, termination)
 }
- default:
- log.Fatalln("Unknown protocol specified")
 }
 select {
 case <-termSignal:
@@ -160,7 +162,11 @@ MainCycle:
 termination <- struct{}{}
 break MainCycle
 case <-timeouted:
- break MainCycle
+ if *noreconnect {
+ break MainCycle
+ }
+ govpn.BothPrintf(`[sleep seconds="%d"]`, timeout)
+ time.Sleep(time.Second * time.Duration(timeout))
 case <-rehandshaking:
 }
 close(timeouted)
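Review bot: In the `case <-timeouted:` branch the new `time.Sleep(time.Second * time.Duration(timeout))` blocks the only place that observes `termSignal`, so a termination signal arriving during the back-off is not acted on until the sleep ends (with the default `-timeout` that is up to 60 seconds) and the client then starts another connection attempt before noticing it. Waiting on a timer inside a `select` that also watches `termSignal` keeps the same delay but lets the signal break the loop immediately. Whether the signal path still needs the `termination <- struct{}{}` send after a timeout depends on whether the transport goroutine is still running at that point, which is not visible in the hunk; `timeout` itself is defined outside the hunk (presumably derived from `timeoutP`, confirm). The enclosing `MainCycle` loop starts and ends outside this hunk.
```go
case <-timeouted:
    // … unchanged: noreconnect check and the sleep log line …
    // wait out the back-off without ignoring a termination signal
    backoff := time.NewTimer(time.Second * time.Duration(timeout))
    select {
    case <-termSignal:
        backoff.Stop()
        break MainCycle
    case <-backoff.C:
    }
```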