From af08408334c3e2f23acde5f74e77f628c85b532a Mon Sep 17 00:00:00 2001
From: Sergey Matveev
Date: Tue, 5 Jan 2016 13:17:56 +0300
Subject: [PATCH] Ability to explicitly specify TAP interface, without up-script using
Signed-off-by: Sergey Matveev
---
 doc/example.texi | 14 +++++++++++---
 doc/server.texi | 16 +++++++++++-----
 src/govpn/cmd/govpn-client/main.go | 1 +
 src/govpn/cmd/govpn-server/common.go | 24 ++++++++++++++++--------
 src/govpn/cmd/govpn-server/conf.go | 1 +
 src/govpn/conf.go | 1 +
 utils/newclient.sh | 1 +
 7 files changed, 42 insertions(+), 16 deletions(-)
diff --git a/doc/example.texi b/doc/example.texi
index 6fd62df..f734c65 100644
--- a/doc/example.texi
+++ b/doc/example.texi
@@ -29,6 +29,7 @@ Place the following JSON configuration entry on the server's side:
 "Alice": {
 "up": "/path/to/up.sh",
+ "iface": "or TAP interface name",
 "verifier": "$argon2d$m=4096,t=128,p=1$bwR5VjeCYIQaa8SeaI3rqg$KCNIqfS4DGsBTtVytamAzcISgrlEWvNxan1UfBrFu10"
 }
@@ -39,14 +40,21 @@ Verifier was generated with:
 @end verbatim
 @strong{Prepare the server}. Add this entry to @code{peers.json}
-configuration file.
+configuration file:
+
+@verbatim
+{
+ "Alice": {
+ "iface": "tap10",
+ "verifier": "$argon2d$m=4096,t=128,p=1$bwR5VjeCYIQaa8SeaI3rqg$KCNIqfS4DGsBTtVytamAzcISgrlEWvNxan1UfBrFu10"
+ }
+}
+@end verbatim
 @strong{Prepare network on GNU/Linux IPv4 server}:
 @example
 server% umask 077
-server% echo "#!/bin/sh" > /path/to/up.sh
-server% echo "echo tap10" >> /path/to/up.sh
 server% ip addr add 192.168.0.1/24 dev wlan0
 server% tunctl -t tap10
 server% ip link set mtu 1432 dev tap10
diff --git a/doc/server.texi b/doc/server.texi
index a00c452..7139ab3 100644
--- a/doc/server.texi
+++ b/doc/server.texi
@@ -26,7 +26,8 @@ Configuration file is JSON file with following example structure:
 @verbatim
 {
 "stargrave": { <-- Peer human readable name
- "up": "./stargrave-up.sh", <-- up-script
+ "iface": "tap10", <-- OPTIONAL TAP interface name
+ "up": "./stargrave-up.sh", <-- OPTIONAL up-script
 "down": "./stargrave-down.sh", <-- OPTIONAL down-script
 "timeout": 60, <-- OPTIONAL overriden timeout
 "noise": true, <-- OPTIONAL noise enabler
@@ -39,10 +40,14 @@ Configuration file is JSON file with following example structure:
 }
 @end verbatim
-up-script executes each time connection with the client is established.
-Its @emph{stdout} output must contain TAP interface name as the first
-line. This script can be simple @code{echo tap10}, or maybe more
-advanced like this:
+At least one of either @code{iface} or @code{up} must be specified. If
+you specify @code{iface}, then it will be forcefully used to determine
+what TAP interface will be used. If it is not specified, then up-script
+must output interface's name to stdout (first output line).
+
+For example up-script can be just @code{echo tap10}, or more advanced
+like the following one:
+
 @example
 #!/bin/sh
 $tap=$(ifconfig tap create)
@@ -65,6 +70,7 @@ Place the following JSON configuration entry on the server's side:
 "Alice": {
 "up": "/path/to/up.sh",
+ "iface": "or TAP interface name",
 "verifier": "$argon2d$m=4096,t=128,p=1$bwR5VjeCYIQaa8SeaI3rqg$KCNIqfS4DGsBTtVytamAzcISgrlEWvNxan1UfBrFu10"
 }
 [...]
diff --git a/src/govpn/cmd/govpn-client/main.go b/src/govpn/cmd/govpn-client/main.go
index da7ac2b..9b5bf18 100644
--- a/src/govpn/cmd/govpn-client/main.go
+++ b/src/govpn/cmd/govpn-client/main.go
@@ -82,6 +82,7 @@ func main() {
 }
 conf = &govpn.PeerConf{
 Id: verifier.Id,
+ Iface: *ifaceName,
 Timeout: time.Second * time.Duration(timeout),
 Noise: *noisy,
 CPR: *cpr,
diff --git a/src/govpn/cmd/govpn-server/common.go b/src/govpn/cmd/govpn-server/common.go
index 3b3fcda..313fc39 100644
--- a/src/govpn/cmd/govpn-server/common.go
+++ b/src/govpn/cmd/govpn-server/common.go
@@ -67,15 +67,23 @@ Processor:
 }
 func callUp(peerId *govpn.PeerId) (string, error) {
- result, err := govpn.ScriptCall(confs[*peerId].Up, "")
- if err != nil {
- log.Println("Script", confs[*peerId].Up, "call failed", err)
- return "", err
+ ifaceName := confs[*peerId].Iface
+ if confs[*peerId].Up != "" {
+ result, err := govpn.ScriptCall(confs[*peerId].Up, "")
+ if err != nil {
+ log.Println("Script", confs[*peerId].Up, "call failed", err)
+ return "", err
+ }
+ if ifaceName == "" {
+ sepIndex := bytes.Index(result, []byte{'\n'})
+ if sepIndex < 0 {
+ sepIndex = len(result)
+ }
+ ifaceName = string(result[:sepIndex])
+ }
 }
- sepIndex := bytes.Index(result, []byte{'\n'})
- if sepIndex < 0 {
- sepIndex = len(result)
+ if ifaceName == "" {
+ log.Println("Can not obtain interface name for", *peerId)
 }
- ifaceName := string(result[:sepIndex])
 return ifaceName, nil
 }
diff --git a/src/govpn/cmd/govpn-server/conf.go b/src/govpn/cmd/govpn-server/conf.go
index 67ee695..284f4f9 100644
--- a/src/govpn/cmd/govpn-server/conf.go
+++ b/src/govpn/cmd/govpn-server/conf.go
@@ -60,6 +60,7 @@ func confRead() map[govpn.PeerId]*govpn.PeerConf {
 Verifier: verifier,
 Id: verifier.Id,
 Name: name,
+ Iface: pc.Iface,
 Up: pc.Up,
 Down: pc.Down,
 Noise: pc.Noise,
diff --git a/src/govpn/conf.go b/src/govpn/conf.go
index 600c83b..eb69ec6 100644
--- a/src/govpn/conf.go
+++ b/src/govpn/conf.go
@@ -27,6 +27,7 @@ import (
 type PeerConf struct {
 Id *PeerId `json:"-"`
 Name string `json:"name"`
+ Iface string `json:"iface"`
 Up string `json:"up"`
 Down string `json:"down"`
 TimeoutInt int `json:"timeout"`
diff --git a/utils/newclient.sh b/utils/newclient.sh
index 4d49ff4..a57becb 100755
--- a/utils/newclient.sh
+++ b/utils/newclient.sh
@@ -30,6 +30,7 @@ Place the following JSON configuration entry on the server's side:
 "$username": {
 "up": "/path/to/up.sh",
+ "iface": "or TAP interface name",
 "verifier": "$verifierS"
 }
-- 2.44.0
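Review bot: In `callUp` (src/govpn/cmd/govpn-server/common.go) the new `if ifaceName == ""` branch only logs and then falls through to `return ifaceName, nil`, so a peer entry with neither `iface` nor an up-script that prints a name hands the caller an empty interface name together with a nil error. Returning an error there, e.g. `return "", errors.New("no interface name for peer")` (the file's import block is outside the hunk, so `errors` may need adding), stops peer setup at the point where the cause is known. The same patch documents that at least one of `iface`/`up` must be set, but the `confRead` hunk copies `pc.Iface` with no visible check, so rejecting such an entry at load time looks worthwhile as well. Whichever source wins, the name is passed on verbatim; since the caller presumably uses it to open the TAP device, a comment stating that `iface` and script output are trusted operator input, or a short length/character check, would make that assumption explicit.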