summaryrefslogtreecommitdiffstats
path: root/src
diff options
context:
space:
mode:
Diffstat (limited to 'src')
-rw-r--r--src/config.c388
-rw-r--r--src/config.h35
-rw-r--r--src/config.y123
-rw-r--r--src/crypto.h4
-rw-r--r--src/crypto/cipher/ciphers.c.in4
-rw-r--r--src/crypto/mac/macs.c.in4
-rw-r--r--src/fastd.c102
-rw-r--r--src/fastd.h16
-rw-r--r--src/handshake.c50
-rw-r--r--src/log.c14
-rw-r--r--src/method.h8
-rw-r--r--src/methods/cipher_test/cipher_test.c2
-rw-r--r--src/methods/common.c6
-rw-r--r--src/methods/common.h2
-rw-r--r--src/methods/composed_gmac/composed_gmac.c6
-rw-r--r--src/methods/generic_gmac/generic_gmac.c4
-rw-r--r--src/methods/generic_poly1305/generic_poly1305.c2
-rw-r--r--src/options.c152
-rw-r--r--src/peer.c46
-rw-r--r--src/peer.h10
-rw-r--r--src/poll.c14
-rw-r--r--src/protocols/ec25519_fhmqvc/ec25519_fhmqvc.c8
-rw-r--r--src/protocols/ec25519_fhmqvc/ec25519_fhmqvc.h4
-rw-r--r--src/protocols/ec25519_fhmqvc/handshake.c66
-rw-r--r--src/protocols/ec25519_fhmqvc/util.c16
-rw-r--r--src/receive.c16
-rw-r--r--src/resolve.c2
-rw-r--r--src/send.c4
-rw-r--r--src/shell.c8
-rw-r--r--src/socket.c8
-rw-r--r--src/tuntap.c48
31 files changed, 588 insertions, 584 deletions
diff --git a/src/config.c b/src/config.c
index c38dc4c..fbddd7f 100644
--- a/src/config.c
+++ b/src/config.c
@@ -43,55 +43,58 @@
#include <sys/types.h>
+fastd_config_t conf = {};
+
+
extern const fastd_protocol_t fastd_protocol_ec25519_fhmqvc;
-static void default_config(fastd_config_t *conf) {
- memset(conf, 0, sizeof(fastd_config_t));
+static void default_config(void) {
+ memset(&conf, 0, sizeof(fastd_config_t));
- conf->log_syslog_ident = strdup("fastd");
+ conf.log_syslog_ident = strdup("fastd");
- conf->maintenance_interval = 10;
- conf->keepalive_timeout = 15;
- conf->peer_stale_time = 90;
- conf->eth_addr_stale_time = 300;
+ conf.maintenance_interval = 10;
+ conf.keepalive_timeout = 15;
+ conf.peer_stale_time = 90;
+ conf.eth_addr_stale_time = 300;
- conf->reorder_time = 10;
+ conf.reorder_time = 10;
- conf->min_handshake_interval = 15;
- conf->min_resolve_interval = 15;
+ conf.min_handshake_interval = 15;
+ conf.min_resolve_interval = 15;
- conf->mtu = 1500;
- conf->mode = MODE_TAP;
+ conf.mtu = 1500;
+ conf.mode = MODE_TAP;
- conf->secure_handshakes = true;
- conf->drop_caps = DROP_CAPS_ON;
+ conf.secure_handshakes = true;
+ conf.drop_caps = DROP_CAPS_ON;
- conf->protocol = &fastd_protocol_ec25519_fhmqvc;
- conf->key_valid = 3600; /* 60 minutes */
- conf->key_valid_old = 60; /* 1 minute */
- conf->key_refresh = 3300; /* 55 minutes */
- conf->key_refresh_splay = 300; /* 5 minutes */
+ conf.protocol = &fastd_protocol_ec25519_fhmqvc;
+ conf.key_valid = 3600; /* 60 minutes */
+ conf.key_valid_old = 60; /* 1 minute */
+ conf.key_refresh = 3300; /* 55 minutes */
+ conf.key_refresh_splay = 300; /* 5 minutes */
- conf->peer_group = calloc(1, sizeof(fastd_peer_group_config_t));
- conf->peer_group->name = strdup("default");
- conf->peer_group->max_connections = -1;
+ conf.peer_group = calloc(1, sizeof(fastd_peer_group_config_t));
+ conf.peer_group->name = strdup("default");
+ conf.peer_group->max_connections = -1;
- conf->ciphers = fastd_cipher_config_alloc();
- conf->macs = fastd_mac_config_alloc();
+ conf.ciphers = fastd_cipher_config_alloc();
+ conf.macs = fastd_mac_config_alloc();
}
-void fastd_config_protocol(fastd_context_t *ctx UNUSED, fastd_config_t *conf, const char *name) {
+void fastd_config_protocol(fastd_context_t *ctx UNUSED, const char *name) {
if (!strcmp(name, "ec25519-fhmqvc"))
- conf->protocol = &fastd_protocol_ec25519_fhmqvc;
+ conf.protocol = &fastd_protocol_ec25519_fhmqvc;
else
exit_error(ctx, "config error: protocol `%s' not supported", name);
}
-void fastd_config_method(fastd_context_t *ctx, fastd_config_t *conf, const char *name) {
+void fastd_config_method(fastd_context_t *ctx, const char *name) {
fastd_string_stack_t **method;
- for (method = &conf->method_list; *method; method = &(*method)->next) {
+ for (method = &conf.method_list; *method; method = &(*method)->next) {
if (!strcmp((*method)->str, name)) {
pr_debug(ctx, "duplicate method name `%s', ignoring", name);
return;
@@ -101,17 +104,17 @@ void fastd_config_method(fastd_context_t *ctx, fastd_config_t *conf, const char
*method = fastd_string_stack_dup(name);
}
-void fastd_config_cipher(fastd_context_t *ctx, fastd_config_t *conf, const char *name, const char *impl) {
- if (!fastd_cipher_config(conf->ciphers, name, impl))
+void fastd_config_cipher(fastd_context_t *ctx, const char *name, const char *impl) {
+ if (!fastd_cipher_config(conf.ciphers, name, impl))
exit_error(ctx, "config error: implementation `%s' is not supported for cipher `%s' (or cipher `%s' is not supported)", impl, name, name);
}
-void fastd_config_mac(fastd_context_t *ctx, fastd_config_t *conf, const char *name, const char *impl) {
- if (!fastd_mac_config(conf->macs, name, impl))
+void fastd_config_mac(fastd_context_t *ctx, const char *name, const char *impl) {
+ if (!fastd_mac_config(conf.macs, name, impl))
exit_error(ctx, "config error: implementation `%s' is not supported for MAC `%s' (or MAC `%s' is not supported)", impl, name, name);
}
-void fastd_config_bind_address(fastd_context_t *ctx UNUSED, fastd_config_t *conf, const fastd_peer_address_t *address, const char *bindtodev, bool default_v4, bool default_v6) {
+void fastd_config_bind_address(fastd_context_t *ctx UNUSED, const fastd_peer_address_t *address, const char *bindtodev, bool default_v4, bool default_v6) {
#ifndef USE_BINDTODEVICE
if (bindtodev && !fastd_peer_address_is_v6_ll(address))
exit_error(ctx, "config error: device bind configuration not supported on this system");
@@ -122,44 +125,44 @@ void fastd_config_bind_address(fastd_context_t *ctx UNUSED, fastd_config_t *conf
fastd_peer_address_t addr4 = { .in = { .sin_family = AF_INET, .sin_port = address->in.sin_port } };
fastd_peer_address_t addr6 = { .in6 = { .sin6_family = AF_INET6, .sin6_port = address->in.sin_port } };
- fastd_config_bind_address(ctx, conf, &addr4, bindtodev, default_v4, default_v6);
- fastd_config_bind_address(ctx, conf, &addr6, bindtodev, default_v4, default_v6);
+ fastd_config_bind_address(ctx, &addr4, bindtodev, default_v4, default_v6);
+ fastd_config_bind_address(ctx, &addr6, bindtodev, default_v4, default_v6);
return;
}
#endif
fastd_bind_address_t *addr = malloc(sizeof(fastd_bind_address_t));
- addr->next = conf->bind_addrs;
- conf->bind_addrs = addr;
- conf->n_bind_addrs++;
+ addr->next = conf.bind_addrs;
+ conf.bind_addrs = addr;
+ conf.n_bind_addrs++;
addr->addr = *address;
addr->bindtodev = bindtodev ? strdup(bindtodev) : NULL;
fastd_peer_address_simplify(&addr->addr);
- if (addr->addr.sa.sa_family != AF_INET6 && (default_v4 || !conf->bind_addr_default_v4))
- conf->bind_addr_default_v4 = addr;
+ if (addr->addr.sa.sa_family != AF_INET6 && (default_v4 || !conf.bind_addr_default_v4))
+ conf.bind_addr_default_v4 = addr;
- if (addr->addr.sa.sa_family != AF_INET && (default_v6 || !conf->bind_addr_default_v6))
- conf->bind_addr_default_v6 = addr;
+ if (addr->addr.sa.sa_family != AF_INET && (default_v6 || !conf.bind_addr_default_v6))
+ conf.bind_addr_default_v6 = addr;
}
-void fastd_config_peer_group_push(fastd_context_t *ctx UNUSED, fastd_config_t *conf, const char *name) {
+void fastd_config_peer_group_push(fastd_context_t *ctx UNUSED, const char *name) {
fastd_peer_group_config_t *group = calloc(1, sizeof(fastd_peer_group_config_t));
group->name = strdup(name);
group->max_connections = -1;
- group->parent = conf->peer_group;
+ group->parent = conf.peer_group;
group->next = group->parent->children;
group->parent->children = group;
- conf->peer_group = group;
+ conf.peer_group = group;
}
-void fastd_config_peer_group_pop(fastd_context_t *ctx UNUSED, fastd_config_t *conf) {
- conf->peer_group = conf->peer_group->parent;
+void fastd_config_peer_group_pop(fastd_context_t *ctx UNUSED) {
+ conf.peer_group = conf.peer_group->parent;
}
static void free_peer_group(fastd_peer_group_config_t *group) {
@@ -187,7 +190,7 @@ static bool has_peer_group_peer_dirs(const fastd_peer_group_config_t *group) {
return false;
}
-void fastd_config_add_log_file(fastd_context_t *ctx, fastd_config_t *conf, const char *name, fastd_loglevel_t level) {
+void fastd_config_add_log_file(fastd_context_t *ctx, const char *name, fastd_loglevel_t level) {
char *name2 = strdup(name);
char *name3 = strdup(name);
@@ -208,8 +211,8 @@ void fastd_config_add_log_file(fastd_context_t *ctx, fastd_config_t *conf, const
file->level = level;
- file->next = conf->log_files;
- conf->log_files = file;
+ file->next = conf.log_files;
+ conf.log_files = file;
if(chdir(oldcwd))
pr_error(ctx, "can't chdir to `%s': %s", oldcwd, strerror(errno));
@@ -225,7 +228,7 @@ void fastd_config_add_log_file(fastd_context_t *ctx, fastd_config_t *conf, const
free(name3);
}
-static void read_peer_dir(fastd_context_t *ctx, fastd_config_t *conf, const char *dir) {
+static void read_peer_dir(fastd_context_t *ctx, const char *dir) {
DIR *dirh = opendir(".");
if (dirh) {
@@ -257,13 +260,13 @@ static void read_peer_dir(fastd_context_t *ctx, fastd_config_t *conf, const char
continue;
}
- fastd_peer_config_new(ctx, conf);
- conf->peers->name = strdup(result->d_name);
- conf->peers->config_source_dir = dir;
+ fastd_peer_config_new(ctx);
+ conf.peers->name = strdup(result->d_name);
+ conf.peers->config_source_dir = dir;
- if (!fastd_read_config(ctx, conf, result->d_name, true, 0)) {
+ if (!fastd_read_config(ctx, result->d_name, true, 0)) {
pr_warn(ctx, "peer config `%s' will be ignored", result->d_name);
- fastd_peer_config_delete(ctx, conf);
+ fastd_peer_config_delete(ctx);
}
}
@@ -276,13 +279,13 @@ static void read_peer_dir(fastd_context_t *ctx, fastd_config_t *conf, const char
}
}
-static void read_peer_dirs(fastd_context_t *ctx, fastd_config_t *conf) {
+static void read_peer_dirs(fastd_context_t *ctx) {
char *oldcwd = get_current_dir_name();
fastd_string_stack_t *dir;
- for (dir = conf->peer_group->peer_dirs; dir; dir = dir->next) {
+ for (dir = conf.peer_group->peer_dirs; dir; dir = dir->next) {
if (!chdir(dir->str))
- read_peer_dir(ctx, conf, dir->str);
+ read_peer_dir(ctx, dir->str);
else
pr_error(ctx, "change from directory `%s' to `%s' failed: %s", oldcwd, dir->str, strerror(errno));
}
@@ -293,12 +296,12 @@ static void read_peer_dirs(fastd_context_t *ctx, fastd_config_t *conf) {
free(oldcwd);
}
-void fastd_add_peer_dir(fastd_context_t *ctx, fastd_config_t *conf, const char *dir) {
+void fastd_add_peer_dir(fastd_context_t *ctx, const char *dir) {
char *oldcwd = get_current_dir_name();
if (!chdir(dir)) {
char *newdir = get_current_dir_name();
- conf->peer_group->peer_dirs = fastd_string_stack_push(conf->peer_group->peer_dirs, newdir);
+ conf.peer_group->peer_dirs = fastd_string_stack_push(conf.peer_group->peer_dirs, newdir);
free(newdir);
if(chdir(oldcwd))
@@ -311,7 +314,7 @@ void fastd_add_peer_dir(fastd_context_t *ctx, fastd_config_t *conf, const char *
free(oldcwd);
}
-bool fastd_read_config(fastd_context_t *ctx, fastd_config_t *conf, const char *filename, bool peer_config, int depth) {
+bool fastd_read_config(fastd_context_t *ctx, const char *filename, bool peer_config, int depth) {
if (depth >= MAX_CONFIG_DEPTH)
exit_error(ctx, "maximum config include depth exceeded");
@@ -358,9 +361,9 @@ bool fastd_read_config(fastd_context_t *ctx, fastd_config_t *conf, const char *f
if (peer_config)
token = START_PEER_CONFIG;
else
- token = conf->peer_group->parent ? START_PEER_GROUP_CONFIG : START_CONFIG;
+ token = conf.peer_group->parent ? START_PEER_GROUP_CONFIG : START_CONFIG;
- int parse_ret = fastd_config_push_parse(ps, token, &token_val, &loc, ctx, conf, filename, depth+1);
+ int parse_ret = fastd_config_push_parse(ps, token, &token_val, &loc, ctx, filename, depth+1);
while(parse_ret == YYPUSH_MORE) {
token = fastd_lex(&token_val, &loc, lex);
@@ -376,7 +379,7 @@ bool fastd_read_config(fastd_context_t *ctx, fastd_config_t *conf, const char *f
strings = token_val.str;
}
- parse_ret = fastd_config_push_parse(ps, token, &token_val, &loc, ctx, conf, filename, depth+1);
+ parse_ret = fastd_config_push_parse(ps, token, &token_val, &loc, ctx, filename, depth+1);
}
if (parse_ret)
@@ -400,13 +403,13 @@ bool fastd_read_config(fastd_context_t *ctx, fastd_config_t *conf, const char *f
return ret;
}
-static void assess_peers(fastd_context_t *ctx, fastd_config_t *conf) {
- conf->has_floating = false;
+static void assess_peers(fastd_context_t *ctx) {
+ conf.has_floating = false;
fastd_peer_config_t *peer;
- for (peer = conf->peers; peer; peer = peer->next) {
+ for (peer = conf.peers; peer; peer = peer->next) {
if (fastd_peer_config_is_floating(peer))
- conf->has_floating = true;
+ conf.has_floating = true;
if (peer->dynamic_float_deprecated)
pr_warn(ctx, "peer `%s' uses deprecated float syntax, please update your configuration", peer->name);
@@ -414,18 +417,18 @@ static void assess_peers(fastd_context_t *ctx, fastd_config_t *conf) {
}
-static void configure_user(fastd_context_t *ctx, fastd_config_t *conf) {
- conf->uid = getuid();
- conf->gid = getgid();
+static void configure_user(fastd_context_t *ctx) {
+ conf.uid = getuid();
+ conf.gid = getgid();
- if (conf->user) {
+ if (conf.user) {
struct passwd pwd, *pwdr;
size_t bufspace = 1024;
int error;
do {
char buf[bufspace];
- error = getpwnam_r(conf->user, &pwd, buf, bufspace, &pwdr);
+ error = getpwnam_r(conf.user, &pwd, buf, bufspace, &pwdr);
bufspace *= 2;
} while(error == ERANGE);
@@ -433,20 +436,20 @@ static void configure_user(fastd_context_t *ctx, fastd_config_t *conf) {
exit_errno(ctx, "getpwnam_r");
if (!pwdr)
- exit_error(ctx, "config error: unable to find user `%s'.", conf->user);
+ exit_error(ctx, "config error: unable to find user `%s'.", conf.user);
- conf->uid = pwdr->pw_uid;
- conf->gid = pwdr->pw_gid;
+ conf.uid = pwdr->pw_uid;
+ conf.gid = pwdr->pw_gid;
}
- if (conf->group) {
+ if (conf.group) {
struct group grp, *grpr;
size_t bufspace = 1024;
int error;
do {
char buf[bufspace];
- error = getgrnam_r(conf->group, &grp, buf, bufspace, &grpr);
+ error = getgrnam_r(conf.group, &grp, buf, bufspace, &grpr);
bufspace *= 2;
} while(error == ERANGE);
@@ -454,146 +457,146 @@ static void configure_user(fastd_context_t *ctx, fastd_config_t *conf) {
exit_errno(ctx, "getgrnam_r");
if (!grpr)
- exit_error(ctx, "config error: unable to find group `%s'.", conf->group);
+ exit_error(ctx, "config error: unable to find group `%s'.", conf.group);
- conf->gid = grpr->gr_gid;
+ conf.gid = grpr->gr_gid;
}
- if (conf->user) {
+ if (conf.user) {
int ngroups = 0;
- if (getgrouplist(conf->user, conf->gid, NULL, &ngroups) < 0) {
+ if (getgrouplist(conf.user, conf.gid, NULL, &ngroups) < 0) {
/* the user has supplementary groups */
- conf->groups = calloc(ngroups, sizeof(gid_t));
- if (getgrouplist(conf->user, conf->gid, conf->groups, &ngroups) < 0)
+ conf.groups = calloc(ngroups, sizeof(gid_t));
+ if (getgrouplist(conf.user, conf.gid, conf.groups, &ngroups) < 0)
exit_errno(ctx, "getgrouplist");
- conf->n_groups = ngroups;
+ conf.n_groups = ngroups;
}
}
}
-static void configure_method_parameters(fastd_config_t *conf) {
- conf->max_overhead = 0;
- conf->min_encrypt_head_space = 0;
- conf->min_decrypt_head_space = 0;
- conf->min_encrypt_tail_space = 0;
- conf->min_decrypt_tail_space = 0;
+static void configure_method_parameters(void) {
+ conf.max_overhead = 0;
+ conf.min_encrypt_head_space = 0;
+ conf.min_decrypt_head_space = 0;
+ conf.min_encrypt_tail_space = 0;
+ conf.min_decrypt_tail_space = 0;
size_t i;
- for (i = 0; conf->methods[i].name; i++) {
- const fastd_method_provider_t *provider = conf->methods[i].provider;
-
- conf->max_overhead = max_size_t(conf->max_overhead, provider->max_overhead);
- conf->min_encrypt_head_space = max_size_t(conf->min_encrypt_head_space, provider->min_encrypt_head_space);
- conf->min_decrypt_head_space = max_size_t(conf->min_decrypt_head_space, provider->min_decrypt_head_space);
- conf->min_encrypt_tail_space = max_size_t(conf->min_encrypt_tail_space, provider->min_encrypt_tail_space);
- conf->min_decrypt_tail_space = max_size_t(conf->min_decrypt_tail_space, provider->min_decrypt_tail_space);
+ for (i = 0; conf.methods[i].name; i++) {
+ const fastd_method_provider_t *provider = conf.methods[i].provider;
+
+ conf.max_overhead = max_size_t(conf.max_overhead, provider->max_overhead);
+ conf.min_encrypt_head_space = max_size_t(conf.min_encrypt_head_space, provider->min_encrypt_head_space);
+ conf.min_decrypt_head_space = max_size_t(conf.min_decrypt_head_space, provider->min_decrypt_head_space);
+ conf.min_encrypt_tail_space = max_size_t(conf.min_encrypt_tail_space, provider->min_encrypt_tail_space);
+ conf.min_decrypt_tail_space = max_size_t(conf.min_decrypt_tail_space, provider->min_decrypt_tail_space);
}
- conf->min_encrypt_head_space = alignto(conf->min_encrypt_head_space, 16);
+ conf.min_encrypt_head_space = alignto(conf.min_encrypt_head_space, 16);
/* ugly hack to get alignment right for aes128-gcm, which needs data aligned to 16 and has a 24 byte header */
- conf->min_decrypt_head_space = alignto(conf->min_decrypt_head_space, 16) + 8;
+ conf.min_decrypt_head_space = alignto(conf.min_decrypt_head_space, 16) + 8;
}
-static void configure_methods(fastd_context_t *ctx, fastd_config_t *conf) {
+static void configure_methods(fastd_context_t *ctx) {
size_t n_methods = 0, i;
fastd_string_stack_t *method_name;
- for (method_name = conf->method_list; method_name; method_name = method_name->next)
+ for (method_name = conf.method_list; method_name; method_name = method_name->next)
n_methods++;
- conf->methods = calloc(n_methods+1, sizeof(fastd_method_info_t));
+ conf.methods = calloc(n_methods+1, sizeof(fastd_method_info_t));
- for (i = 0, method_name = conf->method_list; method_name; i++, method_name = method_name->next) {
- conf->methods[i].name = method_name->str;
- if (!fastd_method_create_by_name(method_name->str, &conf->methods[i].provider, &conf->methods[i].method))
+ for (i = 0, method_name = conf.method_list; method_name; i++, method_name = method_name->next) {
+ conf.methods[i].name = method_name->str;
+ if (!fastd_method_create_by_name(method_name->str, &conf.methods[i].provider, &conf.methods[i].method))
exit_error(ctx, "config error: method `%s' not supported", method_name->str);
}
- configure_method_parameters(conf);
+ configure_method_parameters();
}
-static void destroy_methods(fastd_config_t *conf) {
+static void destroy_methods(void) {
size_t i;
- for (i = 0; conf->methods[i].name; i++) {
- conf->methods[i].provider->destroy(conf->methods[i].method);
+ for (i = 0; conf.methods[i].name; i++) {
+ conf.methods[i].provider->destroy(conf.methods[i].method);
}
- free(conf->methods);
+ free(conf.methods);
}
-void fastd_configure(fastd_context_t *ctx, fastd_config_t *conf, int argc, char *const argv[]) {
- default_config(conf);
+void fastd_configure(fastd_context_t *ctx, int argc, char *const argv[]) {
+ default_config();
- fastd_config_handle_options(ctx, conf, argc, argv);
+ fastd_config_handle_options(ctx, argc, argv);
- if (!conf->log_stderr_level && !conf->log_syslog_level && !conf->log_files)
- conf->log_stderr_level = FASTD_DEFAULT_LOG_LEVEL;
+ if (!conf.log_stderr_level && !conf.log_syslog_level && !conf.log_files)
+ conf.log_stderr_level = FASTD_DEFAULT_LOG_LEVEL;
}
-static void config_check_base(fastd_context_t *ctx, fastd_config_t *conf) {
- if (conf->ifname) {
- if (strchr(conf->ifname, '/'))
+static void config_check_base(fastd_context_t *ctx) {
+ if (conf.ifname) {
+ if (strchr(conf.ifname, '/'))
exit_error(ctx, "config error: invalid interface name");
}
- if (conf->mode == MODE_TUN) {
- if (conf->peers->next)
+ if (conf.mode == MODE_TUN) {
+ if (conf.peers->next)
exit_error(ctx, "config error: in TUN mode exactly one peer must be configured");
- if (conf->peer_group->children)
+ if (conf.peer_group->children)
exit_error(ctx, "config error: in TUN mode peer groups can't be used");
- if (has_peer_group_peer_dirs(conf->peer_group))
+ if (has_peer_group_peer_dirs(conf.peer_group))
exit_error(ctx, "config error: in TUN mode peer directories can't be used");
}
#ifndef USE_PMTU
- if (conf->pmtu.set)
+ if (conf.pmtu.set)
exit_error(ctx, "config error: setting pmtu is not supported on this system");
#endif
#ifndef USE_PACKET_MARK
- if (conf->packet_mark)
+ if (conf.packet_mark)
exit_error(ctx, "config error: setting a packet mark is not supported on this system");
#endif
}
-void fastd_config_check(fastd_context_t *ctx, fastd_config_t *conf) {
- config_check_base(ctx, conf);
+void fastd_config_check(fastd_context_t *ctx) {
+ config_check_base(ctx);
- if (conf->mode == MODE_TUN) {
- if (!conf->peers)
+ if (conf.mode == MODE_TUN) {
+ if (!conf.peers)
exit_error(ctx, "config error: in TUN mode exactly one peer must be configured");
}
- if (!conf->peers && !has_peer_group_peer_dirs(conf->peer_group))
+ if (!conf.peers && !has_peer_group_peer_dirs(conf.peer_group))
exit_error(ctx, "config error: neither fixed peers nor peer dirs have been configured");
- if (!conf->method_list) {
+ if (!conf.method_list) {
pr_warn(ctx, "no encryption method configured, falling back to method `null' (unencrypted)");
- fastd_config_method(ctx, conf, "null");
+ fastd_config_method(ctx, "null");
}
- configure_user(ctx, conf);
- configure_methods(ctx, conf);
+ configure_user(ctx);
+ configure_methods(ctx);
}
-void fastd_config_verify(fastd_context_t *ctx, fastd_config_t *conf) {
- config_check_base(ctx, conf);
- configure_methods(ctx, conf);
+void fastd_config_verify(fastd_context_t *ctx) {
+ config_check_base(ctx);
+ configure_methods(ctx);
fastd_peer_config_t *peer;
- for (peer = conf->peers; peer; peer = peer->next)
- conf->protocol->peer_verify(ctx, peer);
+ for (peer = conf.peers; peer; peer = peer->next)
+ conf.protocol->peer_verify(ctx, peer);
}
-static void peer_dirs_read_peer_group(fastd_context_t *ctx, fastd_config_t *new_conf) {
- read_peer_dirs(ctx, new_conf);
+static void peer_dirs_read_peer_group(fastd_context_t *ctx) {
+ read_peer_dirs(ctx);
fastd_peer_group_config_t *group;
- for (group = new_conf->peer_group->children; group; group = group->next) {
- new_conf->peer_group = group;
- peer_dirs_read_peer_group(ctx, new_conf);
+ for (group = conf.peer_group->children; group; group = group->next) {
+ conf.peer_group = group;
+ peer_dirs_read_peer_group(ctx);
}
}
@@ -653,58 +656,61 @@ static void peer_dirs_handle_new_peers(fastd_context_t *ctx UNUSED, fastd_peer_c
}
}
-void fastd_config_load_peer_dirs(fastd_context_t *ctx, fastd_config_t *conf) {
- fastd_config_t temp_conf;
- temp_conf.peer_group = conf->peer_group;
- temp_conf.peers = NULL;
+void fastd_config_load_peer_dirs(fastd_context_t *ctx) {
+ fastd_peer_config_t *old_peers = conf.peers;
+ conf.peers = NULL;
+
+ peer_dirs_read_peer_group(ctx);
+
+ fastd_peer_config_t *new_peers = conf.peers;
+ conf.peers = old_peers;
- peer_dirs_read_peer_group(ctx, &temp_conf);
- peer_dirs_handle_old_peers(ctx, &conf->peers, &temp_conf.peers);
- peer_dirs_handle_new_peers(ctx, &conf->peers, temp_conf.peers);
+ peer_dirs_handle_old_peers(ctx, &conf.peers, &new_peers);
+ peer_dirs_handle_new_peers(ctx, &conf.peers, new_peers);
- assess_peers(ctx, conf);
+ assess_peers(ctx);
}
-void fastd_config_release(fastd_context_t *ctx, fastd_config_t *conf) {
- while (conf->peers)
- fastd_peer_config_delete(ctx, conf);
+void fastd_config_release(fastd_context_t *ctx) {
+ while (conf.peers)
+ fastd_peer_config_delete(ctx);
- while (conf->log_files) {
- fastd_log_file_t *next = conf->log_files->next;
- free(conf->log_files->filename);
- free(conf->log_files);
- conf->log_files = next;
+ while (conf.log_files) {
+ fastd_log_file_t *next = conf.log_files->next;
+ free(conf.log_files->filename);
+ free(conf.log_files);
+ conf.log_files = next;
}
- while (conf->bind_addrs) {
- fastd_bind_address_t *next = conf->bind_addrs->next;
- free(conf->bind_addrs->bindtodev);
- free(conf->bind_addrs);
- conf->bind_addrs = next;
+ while (conf.bind_addrs) {
+ fastd_bind_address_t *next = conf.bind_addrs->next;
+ free(conf.bind_addrs->bindtodev);
+ free(conf.bind_addrs);
+ conf.bind_addrs = next;
}
- free_peer_group(conf->peer_group);
-
- destroy_methods(conf);
- fastd_string_stack_free(conf->method_list);
-
- fastd_mac_config_free(conf->macs);
- fastd_cipher_config_free(conf->ciphers);
-
- fastd_shell_command_unset(&conf->on_pre_up);
- fastd_shell_command_unset(&conf->on_up);
- fastd_shell_command_unset(&conf->on_down);
- fastd_shell_command_unset(&conf->on_post_down);
- fastd_shell_command_unset(&conf->on_connect);
- fastd_shell_command_unset(&conf->on_establish);
- fastd_shell_command_unset(&conf->on_disestablish);
- fastd_shell_command_unset(&conf->on_verify);
-
- free(conf->user);
- free(conf->group);
- free(conf->groups);
- free(conf->ifname);
- free(conf->secret);
- free(conf->protocol_config);
- free(conf->log_syslog_ident);
+ free_peer_group(conf.peer_group);
+
+ destroy_methods();
+ fastd_string_stack_free(conf.method_list);
+
+ fastd_mac_config_free(conf.macs);
+ fastd_cipher_config_free(conf.ciphers);
+
+ fastd_shell_command_unset(&conf.on_pre_up);
+ fastd_shell_command_unset(&conf.on_up);
+ fastd_shell_command_unset(&conf.on_down);
+ fastd_shell_command_unset(&conf.on_post_down);
+ fastd_shell_command_unset(&conf.on_connect);
+ fastd_shell_command_unset(&conf.on_establish);
+ fastd_shell_command_unset(&conf.on_disestablish);
+ fastd_shell_command_unset(&conf.on_verify);
+
+ free(conf.user);
+ free(conf.group);
+ free(conf.groups);
+ free(conf.ifname);
+ free(conf.secret);
+ free(conf.protocol_config);
+ free(conf.log_syslog_ident);
}
diff --git a/src/config.h b/src/config.h
index a13ddc0..60663f4 100644
--- a/src/config.h
+++ b/src/config.h
@@ -29,20 +29,21 @@
#include "fastd.h"
-void fastd_config_protocol(fastd_context_t *ctx, fastd_config_t *conf, const char *name);
-void fastd_config_method(fastd_context_t *ctx, fastd_config_t *conf, const char *name);
-void fastd_config_cipher(fastd_context_t *ctx, fastd_config_t *conf, const char *name, const char *impl);
-void fastd_config_mac(fastd_context_t *ctx, fastd_config_t *conf, const char *name, const char *impl);
-void fastd_config_add_log_file(fastd_context_t *ctx, fastd_config_t *conf, const char *name, fastd_loglevel_t level);
-void fastd_config_bind_address(fastd_context_t *ctx, fastd_config_t *conf, const fastd_peer_address_t *address, const char *bindtodev, bool default_v4, bool default_v6);
-void fastd_config_peer_group_push(fastd_context_t *ctx, fastd_config_t *conf, const char *name);
-void fastd_config_peer_group_pop(fastd_context_t *ctx, fastd_config_t *conf);
-void fastd_config_release(fastd_context_t *ctx, fastd_config_t *conf);
-void fastd_configure(fastd_context_t *ctx, fastd_config_t *conf, int argc, char *const argv[]);
-void fastd_config_check(fastd_context_t *ctx, fastd_config_t *conf);
-void fastd_config_load_peer_dirs(fastd_context_t *ctx, fastd_config_t *conf);
-void fastd_config_handle_options(fastd_context_t *ctx, fastd_config_t *conf, int argc, char *const argv[]);
-void fastd_config_verify(fastd_context_t *ctx, fastd_config_t *conf);
-
-void fastd_add_peer_dir(fastd_context_t *ctx, fastd_config_t *conf, const char *dir);
-bool fastd_read_config(fastd_context_t *ctx, fastd_config_t *conf, const char *filename, bool peer_config, int depth);
+void fastd_config_protocol(fastd_context_t *ctx, const char *name);
+void fastd_config_method(fastd_context_t *ctx, const char *name);
+void fastd_config_cipher(fastd_context_t *ctx, const char *name, const char *impl);
+void fastd_config_mac(fastd_context_t *ctx, const char *name, const char *impl);
+void fastd_config_add_log_file(fastd_context_t *ctx, const char *name, fastd_loglevel_t level);
+void fastd_config_bind_address(fastd_context_t *ctx, const fastd_peer_address_t *address, const char *bindtodev, bool default_v4, bool default_v6);
+void fastd_config_peer_group_push(fastd_context_t *ctx, const char *name);
+void fastd_config_peer_group_pop(fastd_context_t *ctx);
+void fastd_config_release(fastd_context_t *ctx);
+void fastd_config_handle_options(fastd_context_t *ctx, int argc, char *const argv[]);
+void fastd_config_verify(fastd_context_t *ctx);
+
+void fastd_configure(fastd_context_t *ctx, int argc, char *const argv[]);
+void fastd_config_check(fastd_context_t *ctx);
+void fastd_config_load_peer_dirs(fastd_context_t *ctx);
+
+void fastd_add_peer_dir(fastd_context_t *ctx, const char *dir);
+bool fastd_read_config(fastd_context_t *ctx, const char *filename, bool peer_config, int depth);
diff --git a/src/config.y b/src/config.y
index b4bd68b..6545288 100644
--- a/src/config.y
+++ b/src/config.y
@@ -29,7 +29,6 @@
%name-prefix "fastd_config_"
%locations
%parse-param {fastd_context_t *ctx}
-%parse-param {fastd_config_t *conf}
%parse-param {const char *filename}
%parse-param {int depth}
@@ -140,7 +139,7 @@
#include <limits.h>
- void fastd_config_error(YYLTYPE *loc, fastd_context_t *ctx, fastd_config_t *conf, const char *filename, int depth, const char *s);
+ void fastd_config_error(YYLTYPE *loc, fastd_context_t *ctx, const char *filename, int depth, const char *s);
}
@@ -214,18 +213,18 @@ peer_group_statement:
;
user: TOK_STRING {
- free(conf->user);
- conf->user = strdup($1->str);
+ free(conf.user);
+ conf.user = strdup($1->str);
}
group: TOK_STRING {
- free(conf->group);
- conf->group = strdup($1->str);
+ free(conf.group);
+ conf.group = strdup($1->str);
}
drop_capabilities:
drop_capabilities_enabled {
- conf->drop_caps = $1;
+ conf.drop_caps = $1;
}
drop_capabilities_enabled:
@@ -238,43 +237,43 @@ drop_capabilities_enabled:
secure_handshakes:
boolean {
- conf->secure_handshakes = $1;
+ conf.secure_handshakes = $1;
}
;
cipher: TOK_STRING TOK_USE TOK_STRING {
- fastd_config_cipher(ctx, conf, $1->str, $3->str);
+ fastd_config_cipher(ctx, $1->str, $3->str);
}
mac: TOK_STRING TOK_USE TOK_STRING {
- fastd_config_mac(ctx, conf, $1->str, $3->str);
+ fastd_config_mac(ctx, $1->str, $3->str);
}
log: TOK_LEVEL log_level {
- conf->log_stderr_level = $2;
+ conf.log_stderr_level = $2;
}
| TOK_TO TOK_STDERR maybe_log_level {
- conf->log_stderr_level = $3;
+ conf.log_stderr_level = $3;
}
| TOK_TO TOK_SYSLOG maybe_log_level {
- conf->log_syslog_level = $3;
+ conf.log_syslog_level = $3;
}
| TOK_TO TOK_SYSLOG TOK_AS TOK_STRING maybe_log_level {
- free(conf->log_syslog_ident);
- conf->log_syslog_ident = strdup($4->str);
+ free(conf.log_syslog_ident);
+ conf.log_syslog_ident = strdup($4->str);
- conf->log_syslog_level = $5;
+ conf.log_syslog_level = $5;
}
| TOK_TO TOK_STRING maybe_log_level {
- fastd_config_add_log_file(ctx, conf, $2->str, $3);
+ fastd_config_add_log_file(ctx, $2->str, $3);
}
;
hide: TOK_IP TOK_ADDRESSES boolean {
- conf->hide_ip_addresses = $3;
+ conf.hide_ip_addresses = $3;
}
| TOK_MAC TOK_ADDRESSES boolean {
- conf->hide_mac_addresses = $3;
+ conf.hide_mac_addresses = $3;
}
;
@@ -292,15 +291,15 @@ log_level: TOK_FATAL { $$ = LL_FATAL; }
| TOK_DEBUG2 { $$ = LL_DEBUG2; }
;
-interface: TOK_STRING { free(conf->ifname); conf->ifname = strdup($1->str); }
+interface: TOK_STRING { free(conf.ifname); conf.ifname = strdup($1->str); }
;
bind: bind_address maybe_bind_interface maybe_bind_default {
- fastd_config_bind_address(ctx, conf, &$1, $2 ? $2->str : NULL, $3 == AF_UNSPEC || $3 == AF_INET, $3 == AF_UNSPEC || $3 == AF_INET6);
+ fastd_config_bind_address(ctx, &$1, $2 ? $2->str : NULL, $3 == AF_UNSPEC || $3 == AF_INET, $3 == AF_UNSPEC || $3 == AF_INET6);
}
| TOK_ADDR6_SCOPED maybe_port maybe_bind_default {
fastd_peer_address_t addr = { .in6 = { .sin6_family = AF_INET6, .sin6_addr = $1.addr, .sin6_port = htons($2) } };
- fastd_config_bind_address(ctx, conf, &addr, $1.ifname, $3 == AF_UNSPEC || $3 == AF_INET, $3 == AF_UNSPEC || $3 == AF_INET6);
+ fastd_config_bind_address(ctx, &addr, $1.ifname, $3 == AF_UNSPEC || $3 == AF_INET, $3 == AF_UNSPEC || $3 == AF_INET6);
}
;
@@ -347,82 +346,82 @@ bind_default:
;
packet_mark: TOK_UINT {
- conf->packet_mark = $1;
+ conf.packet_mark = $1;
}
mtu: TOK_UINT {
if ($1 < 576 || $1 > 65535) {
- fastd_config_error(&@$, ctx, conf, filename, depth, "invalid MTU");
+ fastd_config_error(&@$, ctx, filename, depth, "invalid MTU");
YYERROR;
}
- conf->mtu = $1;
+ conf.mtu = $1;
}
;
-pmtu: autobool { conf->pmtu = $1; }
+pmtu: autobool { conf.pmtu = $1; }
;
-mode: TOK_TAP { conf->mode = MODE_TAP; }
- | TOK_TUN { conf->mode = MODE_TUN; }
+mode: TOK_TAP { conf.mode = MODE_TAP; }
+ | TOK_TUN { conf.mode = MODE_TUN; }
;
protocol: TOK_STRING {
- fastd_config_protocol(ctx, conf, $1->str);
+ fastd_config_protocol(ctx, $1->str);
}
;
method: TOK_STRING {
- fastd_config_method(ctx, conf, $1->str);
+ fastd_config_method(ctx, $1->str);
}
;
-secret: TOK_STRING { free(conf->secret); conf->secret = strdup($1->str); }
+secret: TOK_STRING { free(conf.secret); conf.secret = strdup($1->str); }
;
on_pre_up: sync_def_sync TOK_STRING {
- fastd_shell_command_set(&conf->on_pre_up, $2->str, $1);
+ fastd_shell_command_set(&conf.on_pre_up, $2->str, $1);
}
;
on_up: sync_def_sync TOK_STRING {
- fastd_shell_command_set(&conf->on_up, $2->str, $1);
+ fastd_shell_command_set(&conf.on_up, $2->str, $1);
}
;
on_down: sync_def_sync TOK_STRING {
- fastd_shell_command_set(&conf->on_down, $2->str, $1);
+ fastd_shell_command_set(&conf.on_down, $2->str, $1);
}
;
on_post_down: sync_def_sync TOK_STRING {
- fastd_shell_command_set(&conf->on_post_down, $2->str, $1);
+ fastd_shell_command_set(&conf.on_post_down, $2->str, $1);
}
;
on_connect: sync_def_async TOK_STRING {
- fastd_shell_command_set(&conf->on_connect, $2->str, $1);
+ fastd_shell_command_set(&conf.on_connect, $2->str, $1);
}
;
on_establish: sync_def_async TOK_STRING {
- fastd_shell_command_set(&conf->on_establish, $2->str, $1);
+ fastd_shell_command_set(&conf.on_establish, $2->str, $1);
}
;
on_disestablish: sync_def_async TOK_STRING {
- fastd_shell_command_set(&conf->on_disestablish, $2->str, $1);
+ fastd_shell_command_set(&conf.on_disestablish, $2->str, $1);
}
;
on_verify: sync_def_async TOK_STRING {
- fastd_shell_command_set(&conf->on_verify, $2->str, $1);
+ fastd_shell_command_set(&conf.on_verify, $2->str, $1);
}
;
peer: TOK_STRING {
- fastd_peer_config_new(ctx, conf);
- conf->peers->name = strdup($1->str);
+ fastd_peer_config_new(ctx);
+ conf.peers->name = strdup($1->str);
}
;
@@ -437,7 +436,7 @@ peer_statement: TOK_REMOTE peer_remote ';'
;
peer_remote: TOK_ADDR4 port {
- fastd_remote_config_t **remote = &conf->peers->remotes;
+ fastd_remote_config_t **remote = &conf.peers->remotes;
while (*remote)
remote = &(*remote)->next;
@@ -449,7 +448,7 @@ peer_remote: TOK_ADDR4 port {
fastd_peer_address_simplify(&(*remote)->address);
}
| TOK_ADDR6 port {
- fastd_remote_config_t **remote = &conf->peers->remotes;
+ fastd_remote_config_t **remote = &conf.peers->remotes;
while (*remote)
remote = &(*remote)->next;
@@ -463,7 +462,7 @@ peer_remote: TOK_ADDR4 port {
| TOK_ADDR6_SCOPED port {
char addrbuf[INET6_ADDRSTRLEN];
size_t addrlen;
- fastd_remote_config_t **remote = &conf->peers->remotes;
+ fastd_remote_config_t **remote = &conf.peers->remotes;
while (*remote)
remote = &(*remote)->next;
@@ -481,7 +480,7 @@ peer_remote: TOK_ADDR4 port {
(*remote)->address.in.sin_port = htons($2);
}
| maybe_af TOK_STRING port maybe_float {
- fastd_remote_config_t **remote = &conf->peers->remotes;
+ fastd_remote_config_t **remote = &conf.peers->remotes;
while (*remote)
remote = &(*remote)->next;
@@ -492,67 +491,67 @@ peer_remote: TOK_ADDR4 port {
(*remote)->address.in.sin_port = htons($3);
if ($4) {
- conf->peers->floating = true;
- conf->peers->dynamic_float_deprecated = true;
+ conf.peers->floating = true;
+ conf.peers->dynamic_float_deprecated = true;
}
}
;
peer_float: boolean {
- conf->peers->floating = $1;
+ conf.peers->floating = $1;
}
;
peer_key: TOK_STRING {
- free(conf->peers->key); conf->peers->key = strdup($1->str);
+ free(conf.peers->key); conf.peers->key = strdup($1->str);
}
;
peer_include: TOK_STRING {
- if (!fastd_read_config(ctx, conf, $1->str, true, depth))
+ if (!fastd_read_config(ctx, $1->str, true, depth))
YYERROR;
}
;
peer_group: TOK_STRING {
- fastd_config_peer_group_push(ctx, conf, $1->str);
+ fastd_config_peer_group_push(ctx, $1->str);
}
;
peer_group_after:
{
- fastd_config_peer_group_pop(ctx, conf);
+ fastd_config_peer_group_pop(ctx);
}
;
peer_limit: TOK_UINT {
if ($1 > INT_MAX) {
- fastd_config_error(&@$, ctx, conf, filename, depth, "invalid peer limit");
+ fastd_config_error(&@$, ctx, filename, depth, "invalid peer limit");
YYERROR;
}
- conf->peer_group->max_connections = $1;
+ conf.peer_group->max_connections = $1;
}
;
-forward: boolean { conf->forward = $1; }
+forward: boolean { conf.forward = $1; }
;
include: TOK_PEER TOK_STRING maybe_as {
- fastd_peer_config_new(ctx, conf);
+ fastd_peer_config_new(ctx);
if ($3)
- conf->peers->name = strdup($3->str);
+ conf.peers->name = strdup($3->str);
- if (!fastd_read_config(ctx, conf, $2->str, true, depth))
+ if (!fastd_read_config(ctx, $2->str, true, depth))
YYERROR;
}
| TOK_PEERS TOK_FROM TOK_STRING {
- fastd_add_peer_dir(ctx, conf, $3->str);
+ fastd_add_peer_dir(ctx, $3->str);
}
| TOK_STRING {
- if (!fastd_read_config(ctx, conf, $1->str, false, depth))
+ if (!fastd_read_config(ctx, $1->str, false, depth))
YYERROR;
}
;
@@ -602,7 +601,7 @@ colon_or_port: ':'
port: colon_or_port TOK_UINT {
if ($2 < 1 || $2 > 65535) {
- fastd_config_error(&@$, ctx, conf, filename, depth, "invalid port");
+ fastd_config_error(&@$, ctx, filename, depth, "invalid port");
YYERROR;
}
$$ = $2;
@@ -610,6 +609,6 @@ port: colon_or_port TOK_UINT {
;
%%
-void fastd_config_error(YYLTYPE *loc, fastd_context_t *ctx, fastd_config_t *conf UNUSED, const char *filename, int depth UNUSED, const char *s) {
+void fastd_config_error(YYLTYPE *loc, fastd_context_t *ctx, const char *filename, int depth UNUSED, const char *s) {
pr_error(ctx, "config error: %s at %s:%i:%i", s, filename, loc->first_line, loc->first_column);
}
diff --git a/src/crypto.h b/src/crypto.h
index 25efb10..de2bddf 100644
--- a/src/crypto.h
+++ b/src/crypto.h
@@ -64,14 +64,14 @@ void fastd_cipher_config_free(const fastd_cipher_t **cipher_conf);
bool fastd_cipher_config(const fastd_cipher_t **cipher_conf, const char *name, const char *impl);
const fastd_cipher_info_t* fastd_cipher_info_get_by_name(const char *name);
-const fastd_cipher_t* fastd_cipher_get(fastd_context_t *ctx, const fastd_cipher_info_t *info);
+const fastd_cipher_t* fastd_cipher_get(const fastd_cipher_info_t *info);
const fastd_mac_t** fastd_mac_config_alloc(void);
void fastd_mac_config_free(const fastd_mac_t **mac_conf);
bool fastd_mac_config(const fastd_mac_t **mac_conf, const char *name, const char *impl);
const fastd_mac_info_t* fastd_mac_info_get_by_name(const char *name);
-const fastd_mac_t* fastd_mac_get(fastd_context_t *ctx, const fastd_mac_info_t *info);
+const fastd_mac_t* fastd_mac_get(const fastd_mac_info_t *info);
static inline void secure_memzero(void *s, size_t n) {
diff --git a/src/crypto/cipher/ciphers.c.in b/src/crypto/cipher/ciphers.c.in
index 5cef18f..2140731 100644
--- a/src/crypto/cipher/ciphers.c.in
+++ b/src/crypto/cipher/ciphers.c.in
@@ -106,11 +106,11 @@ const fastd_cipher_info_t* fastd_cipher_info_get_by_name(const char *name) {
return NULL;
}
-const fastd_cipher_t* fastd_cipher_get(fastd_context_t *ctx, const fastd_cipher_info_t *info) {
+const fastd_cipher_t* fastd_cipher_get(const fastd_cipher_info_t *info) {
size_t i;
for (i = 0; i < array_size(ciphers); i++) {
if (ciphers[i].info == info)
- return ctx->conf->ciphers[i];
+ return conf.ciphers[i];
}
return NULL;
diff --git a/src/crypto/mac/macs.c.in b/src/crypto/mac/macs.c.in
index 8114da4..ccf560e 100644
--- a/src/crypto/mac/macs.c.in
+++ b/src/crypto/mac/macs.c.in
@@ -106,11 +106,11 @@ const fastd_mac_info_t* fastd_mac_info_get_by_name(const char *name) {
return NULL;
}
-const fastd_mac_t* fastd_mac_get(fastd_context_t *ctx, const fastd_mac_info_t *info) {
+const fastd_mac_t* fastd_mac_get(const fastd_mac_info_t *info) {
size_t i;
for (i = 0; i < array_size(macs); i++) {
if (macs[i].info == info)
- return ctx->conf->macs[i];
+ return conf.macs[i];
}
return NULL;
diff --git a/src/fastd.c b/src/fastd.c
index 1236e55..47daada 100644
--- a/src/fastd.c
+++ b/src/fastd.c
@@ -135,18 +135,18 @@ static void init_log(fastd_context_t *ctx) {
uid_t uid = geteuid();
gid_t gid = getegid();
- if (ctx->conf->user || ctx->conf->group) {
- if (setegid(ctx->conf->gid) < 0)
+ if (conf.user || conf.group) {
+ if (setegid(conf.gid) < 0)
pr_debug_errno(ctx, "setegid");
- if (seteuid(ctx->conf->uid) < 0)
+ if (seteuid(conf.uid) < 0)
pr_debug_errno(ctx, "seteuid");
}
- if (ctx->conf->log_syslog_level > LL_UNSPEC)
- openlog(ctx->conf->log_syslog_ident, LOG_PID, LOG_DAEMON);
+ if (conf.log_syslog_level > LL_UNSPEC)
+ openlog(conf.log_syslog_ident, LOG_PID, LOG_DAEMON);
fastd_log_file_t *config;
- for (config = ctx->conf->log_files; config; config = config->next) {
+ for (config = conf.log_files; config; config = config->next) {
fastd_log_fd_t *file = malloc(sizeof(fastd_log_fd_t));
file->config = config;
@@ -179,23 +179,23 @@ static void close_log(fastd_context_t *ctx) {
static void init_sockets(fastd_context_t *ctx) {
- ctx->socks = malloc(ctx->conf->n_bind_addrs * sizeof(fastd_socket_t));
+ ctx->socks = malloc(conf.n_bind_addrs * sizeof(fastd_socket_t));
unsigned i;
- fastd_bind_address_t *addr = ctx->conf->bind_addrs;
- for (i = 0; i < ctx->conf->n_bind_addrs; i++) {
+ fastd_bind_address_t *addr = conf.bind_addrs;
+ for (i = 0; i < conf.n_bind_addrs; i++) {
ctx->socks[i] = (fastd_socket_t){ .fd = -2, .addr = addr };
- if (addr == ctx->conf->bind_addr_default_v4)
+ if (addr == conf.bind_addr_default_v4)
ctx->sock_default_v4 = &ctx->socks[i];
- if (addr == ctx->conf->bind_addr_default_v6)
+ if (addr == conf.bind_addr_default_v6)
ctx->sock_default_v6 = &ctx->socks[i];
addr = addr->next;
}
- ctx->n_socks = ctx->conf->n_bind_addrs;
+ ctx->n_socks = conf.n_bind_addrs;
}
@@ -233,7 +233,7 @@ static inline void handle_forward(fastd_context_t *ctx, fastd_peer_t *source_pee
if (dest_peer) {
if (dest_peer != source_peer)
- ctx->conf->protocol->send(ctx, dest_peer, buffer);
+ conf.protocol->send(ctx, dest_peer, buffer);
else
fastd_buffer_free(buffer);
@@ -245,7 +245,7 @@ static inline void handle_forward(fastd_context_t *ctx, fastd_peer_t *source_pee
}
void fastd_handle_receive(fastd_context_t *ctx, fastd_peer_t *peer, fastd_buffer_t buffer) {
- if (ctx->conf->mode == MODE_TAP) {
+ if (conf.mode == MODE_TAP) {
if (buffer.len < ETH_HLEN) {
pr_debug(ctx, "received truncated packet");
fastd_buffer_free(buffer);
@@ -263,7 +263,7 @@ void fastd_handle_receive(fastd_context_t *ctx, fastd_peer_t *peer, fastd_buffer
fastd_tuntap_write(ctx, buffer);
- if (ctx->conf->mode == MODE_TAP && ctx->conf->forward) {
+ if (conf.mode == MODE_TAP && conf.forward) {
handle_forward(ctx, peer, buffer);
return;
}
@@ -272,19 +272,19 @@ void fastd_handle_receive(fastd_context_t *ctx, fastd_peer_t *peer, fastd_buffer
}
static inline void on_pre_up(fastd_context_t *ctx) {
- fastd_shell_command_exec(ctx, &ctx->conf->on_pre_up, NULL, NULL, NULL);
+ fastd_shell_command_exec(ctx, &conf.on_pre_up, NULL, NULL, NULL);
}
static inline void on_up(fastd_context_t *ctx) {
- fastd_shell_command_exec(ctx, &ctx->conf->on_up, NULL, NULL, NULL);
+ fastd_shell_command_exec(ctx, &conf.on_up, NULL, NULL, NULL);
}
static inline void on_down(fastd_context_t *ctx) {
- fastd_shell_command_exec(ctx, &ctx->conf->on_down, NULL, NULL, NULL);
+ fastd_shell_command_exec(ctx, &conf.on_down, NULL, NULL, NULL);
}
static inline void on_post_down(fastd_context_t *ctx) {
- fastd_shell_command_exec(ctx, &ctx->conf->on_post_down, NULL, NULL, NULL);
+ fastd_shell_command_exec(ctx, &conf.on_post_down, NULL, NULL, NULL);
}
static fastd_peer_group_t* init_peer_group(const fastd_peer_group_config_t *config, fastd_peer_group_t *parent) {
@@ -305,7 +305,7 @@ static fastd_peer_group_t* init_peer_group(const fastd_peer_group_config_t *conf
}
static void init_peer_groups(fastd_context_t *ctx) {
- ctx->peer_group = init_peer_group(ctx->conf->peer_group, NULL);
+ ctx->peer_group = init_peer_group(conf.peer_group, NULL);
}
static void free_peer_group(fastd_peer_group_t *group) {
@@ -325,11 +325,11 @@ static void delete_peer_groups(fastd_context_t *ctx) {
static void init_peers(fastd_context_t *ctx) {
fastd_peer_config_t *peer_conf;
- for (peer_conf = ctx->conf->peers; peer_conf; peer_conf = peer_conf->next)
- ctx->conf->protocol->peer_configure(ctx, peer_conf);
+ for (peer_conf = conf.peers; peer_conf; peer_conf = peer_conf->next)
+ conf.protocol->peer_configure(ctx, peer_conf);
- for (peer_conf = ctx->conf->peers; peer_conf; peer_conf = peer_conf->next) {
- bool enable = ctx->conf->protocol->peer_check(ctx, peer_conf);
+ for (peer_conf = conf.peers; peer_conf; peer_conf = peer_conf->next) {
+ bool enable = conf.protocol->peer_check(ctx, peer_conf);
if (enable && !peer_conf->enabled)
fastd_peer_add(ctx, peer_conf);
@@ -349,7 +349,7 @@ static void init_peers(fastd_context_t *ctx) {
}
}
else {
- if (!ctx->conf->protocol->peer_check_temporary(ctx, peer)) {
+ if (!conf.protocol->peer_check_temporary(ctx, peer)) {
fastd_peer_delete(ctx, peer);
continue;
}
@@ -380,7 +380,7 @@ static void dump_state(fastd_context_t *ctx) {
continue;
}
- if (ctx->conf->mode == MODE_TAP) {
+ if (conf.mode == MODE_TAP) {
unsigned int eth_addresses = 0;
size_t i;
for (i = 0; i < VECTOR_LEN(ctx->eth_addrs); i++) {
@@ -428,9 +428,9 @@ static void send_handshake(fastd_context_t *ctx, fastd_peer_t *peer) {
}
pr_debug(ctx, "sending handshake to %P[%I]...", peer, &peer->address);
- peer->last_handshake_timeout = fastd_in_seconds(ctx, ctx->conf->min_handshake_interval);
+ peer->last_handshake_timeout = fastd_in_seconds(ctx, conf.min_handshake_interval);
peer->last_handshake_address = peer->address;
- ctx->conf->protocol->handshake_init(ctx, peer->sock, &peer->local_address, &peer->address, peer);
+ conf.protocol->handshake_init(ctx, peer->sock, &peer->local_address, &peer->address, peer);
}
static void handle_handshake_queue(fastd_context_t *ctx) {
@@ -503,7 +503,7 @@ static bool maintain_peer(fastd_context_t *ctx, fastd_peer_t *peer) {
return true;
pr_debug2(ctx, "sending keepalive to %P", peer);
- ctx->conf->protocol->send(ctx, peer, fastd_buffer_alloc(ctx, 0, ctx->conf->min_encrypt_head_space, ctx->conf->min_encrypt_tail_space));
+ conf.protocol->send(ctx, peer, fastd_buffer_alloc(ctx, 0, conf.min_encrypt_head_space, conf.min_encrypt_tail_space));
}
return true;
@@ -522,7 +522,7 @@ static void maintenance(fastd_context_t *ctx) {
fastd_peer_eth_addr_cleanup(ctx);
- ctx->next_maintenance.tv_sec += ctx->conf->maintenance_interval;
+ ctx->next_maintenance.tv_sec += conf.maintenance_interval;
}
@@ -549,20 +549,20 @@ static void close_fds(fastd_context_t *ctx) {
}
static void write_pid(fastd_context_t *ctx, pid_t pid) {
- if (!ctx->conf->pid_file)
+ if (!conf.pid_file)
return;
uid_t uid = geteuid();
gid_t gid = getegid();
- if (ctx->conf->user || ctx->conf->group) {
- if (setegid(ctx->conf->gid) < 0)
+ if (conf.user || conf.group) {
+ if (setegid(conf.gid) < 0)
pr_debug_errno(ctx, "setegid");
- if (seteuid(ctx->conf->uid) < 0)
+ if (seteuid(conf.uid) < 0)
pr_debug_errno(ctx, "seteuid");
}
- int fd = open(ctx->conf->pid_file, O_WRONLY|O_CREAT|O_TRUNC, 0666);
+ int fd = open(conf.pid_file, O_WRONLY|O_CREAT|O_TRUNC, 0666);
if (fd < 0) {
pr_error_errno(ctx, "can't write PID file: open");
goto end;
@@ -582,26 +582,26 @@ static void write_pid(fastd_context_t *ctx, pid_t pid) {
}
static void set_user(fastd_context_t *ctx) {
- if (ctx->conf->user || ctx->conf->group) {
- if (setgid(ctx->conf->gid) < 0)
+ if (conf.user || conf.group) {
+ if (setgid(conf.gid) < 0)
exit_errno(ctx, "setgid");
- if (setuid(ctx->conf->uid) < 0)
+ if (setuid(conf.uid) < 0)
exit_errno(ctx, "setuid");
- pr_info(ctx, "Changed to UID %i, GID %i.", ctx->conf->uid, ctx->conf->gid);
+ pr_info(ctx, "Changed to UID %i, GID %i.", conf.uid, conf.gid);
}
}
static void set_groups(fastd_context_t *ctx) {
- if (ctx->conf->groups) {
- if (setgroups(ctx->conf->n_groups, ctx->conf->groups) < 0) {
+ if (conf.groups) {
+ if (setgroups(conf.n_groups, conf.groups) < 0) {
if (errno != EPERM)
pr_debug_errno(ctx, "setgroups");
}
}
- else if (ctx->conf->user || ctx->conf->group) {
- if (setgroups(1, &ctx->conf->gid) < 0) {
+ else if (conf.user || conf.group) {
+ if (setgroups(1, &conf.gid) < 0) {
if (errno != EPERM)
pr_debug_errno(ctx, "setgroups");
}
@@ -753,12 +753,10 @@ int main(int argc, char *argv[]) {
fastd_random_bytes(&ctx, &ctx.randseed, sizeof(ctx.randseed), false);
- fastd_config_t conf;
- fastd_configure(&ctx, &conf, argc, argv);
- ctx.conf = &conf;
+ fastd_configure(&ctx, argc, argv);
if (conf.verify_config) {
- fastd_config_verify(&ctx, &conf);
+ fastd_config_verify(&ctx);
exit(0);
}
@@ -770,7 +768,7 @@ int main(int argc, char *argv[]) {
conf.protocol_config = conf.protocol->init(&ctx);
if (conf.show_key) {
- conf.protocol->show_key(&ctx);
+ conf.protocol->show_key();
exit(0);
}
@@ -794,7 +792,7 @@ int main(int argc, char *argv[]) {
OPENSSL_config(NULL);
#endif
- fastd_config_check(&ctx, &conf);
+ fastd_config_check(&ctx);
fastd_update_time(&ctx);
@@ -849,7 +847,7 @@ int main(int argc, char *argv[]) {
else if (conf.drop_caps == DROP_CAPS_OFF)
set_user(&ctx);
- fastd_config_load_peer_dirs(&ctx, &conf);
+ fastd_config_load_peer_dirs(&ctx);
VECTOR_ALLOC(ctx.eth_addrs, 0);
VECTOR_ALLOC(ctx.peers, 0);
@@ -881,7 +879,7 @@ int main(int argc, char *argv[]) {
close_log(&ctx);
init_log(&ctx);
- fastd_config_load_peer_dirs(&ctx, &conf);
+ fastd_config_load_peer_dirs(&ctx);
init_peers(&ctx);
}
@@ -920,7 +918,7 @@ int main(int argc, char *argv[]) {
#endif
close_log(&ctx);
- fastd_config_release(&ctx, &conf);
+ fastd_config_release(&ctx);
return 0;
}
diff --git a/src/fastd.h b/src/fastd.h
index f1ae2d3..5cbd4d7 100644
--- a/src/fastd.h
+++ b/src/fastd.h
@@ -69,8 +69,8 @@ struct fastd_protocol {
void (*free_peer_state)(fastd_context_t *ctx, fastd_peer_t *peer);
void (*generate_key)(fastd_context_t *ctx);
- void (*show_key)(fastd_context_t *ctx);
- void (*set_shell_env)(fastd_context_t *ctx, const fastd_peer_t *peer);
+ void (*show_key)(void);
+ void (*set_shell_env)(const fastd_peer_t *peer);
bool (*describe_peer)(const fastd_context_t *ctx, const fastd_peer_t *peer, char *buf, size_t len);
};
@@ -228,9 +228,9 @@ struct fastd_config {
bool verify_config;
};
-struct fastd_context {
- const fastd_config_t *conf;
+extern fastd_config_t conf;
+struct fastd_context {
bool log_initialized;
fastd_log_fd_t *log_files;
@@ -339,18 +339,18 @@ static inline size_t alignto(size_t l, size_t a) {
static inline size_t fastd_max_inner_packet(const fastd_context_t *ctx) {
- switch (ctx->conf->mode) {
+ switch (conf.mode) {
case MODE_TAP:
- return ctx->conf->mtu+ETH_HLEN;
+ return conf.mtu+ETH_HLEN;
case MODE_TUN:
- return ctx->conf->mtu;
+ return conf.mtu;
default:
exit_bug(ctx, "invalid mode");
}
}
static inline size_t fastd_max_outer_packet(const fastd_context_t *ctx) {
- return PACKET_TYPE_LEN + fastd_max_inner_packet(ctx) + ctx->conf->max_overhead;
+ return PACKET_TYPE_LEN + fastd_max_inner_packet(ctx) + conf.max_overhead;
}
static inline bool fastd_peer_address_is_v6_ll(const fastd_peer_address_t *addr) {
diff --git a/src/handshake.c b/src/handshake.c
index 441ab5d..f6a256d 100644
--- a/src/handshake.c
+++ b/src/handshake.c
@@ -54,20 +54,20 @@ static const char *const RECORD_TYPES[RECORD_MAX] = {
#define AS_UINT16(ptr) ((*(uint8_t*)(ptr).data) + (*((uint8_t*)(ptr).data+1) << 8))
-static uint8_t* create_method_list(fastd_context_t *ctx, size_t *len) {
+static uint8_t* create_method_list(size_t *len) {
*len = 0;
size_t i;
- for (i = 0; ctx->conf->methods[i].name; i++)
- *len += strlen(ctx->conf->methods[i].name) + 1;
+ for (i = 0; conf.methods[i].name; i++)
+ *len += strlen(conf.methods[i].name) + 1;
uint8_t *ret = malloc(*len);
(*len)--;
char *ptr = (char*)ret;
- for (i = 0; ctx->conf->methods[i].name; i++)
- ptr = stpcpy(ptr, ctx->conf->methods[i].name) + 1;
+ for (i = 0; conf.methods[i].name; i++)
+ ptr = stpcpy(ptr, conf.methods[i].name) + 1;
return ret;
}
@@ -99,14 +99,14 @@ static fastd_string_stack_t* parse_string_list(const uint8_t *data, size_t len)
static fastd_buffer_t new_handshake(fastd_context_t *ctx, uint8_t type, const fastd_method_info_t *method, bool with_method_list, size_t tail_space) {
size_t version_len = strlen(FASTD_VERSION);
- size_t protocol_len = strlen(ctx->conf->protocol->name);
+ size_t protocol_len = strlen(conf.protocol->name);
size_t method_len = method ? strlen(method->name) : 0;
size_t method_list_len = 0;
uint8_t *method_list = NULL;
if (with_method_list)
- method_list = create_method_list(ctx, &method_list_len);
+ method_list = create_method_list(&method_list_len);
fastd_buffer_t buffer = fastd_buffer_alloc(ctx, sizeof(fastd_handshake_packet_t), 1,
3*5 + /* handshake type, mode, reply code */
@@ -122,13 +122,13 @@ static fastd_buffer_t new_handshake(fastd_context_t *ctx, uint8_t type, const fa
packet->tlv_len = 0;
fastd_handshake_add_uint8(ctx, &buffer, RECORD_HANDSHAKE_TYPE, type);
- fastd_handshake_add_uint8(ctx, &buffer, RECORD_MODE, ctx->conf->mode);
- fastd_handshake_add_uint16(ctx, &buffer, RECORD_MTU, ctx->conf->mtu);
+ fastd_handshake_add_uint8(ctx, &buffer, RECORD_MODE, conf.mode);
+ fastd_handshake_add_uint16(ctx, &buffer, RECORD_MTU, conf.mtu);
fastd_handshake_add(ctx, &buffer, RECORD_VERSION_NAME, version_len, FASTD_VERSION);
- fastd_handshake_add(ctx, &buffer, RECORD_PROTOCOL_NAME, protocol_len, ctx->conf->protocol->name);
+ fastd_handshake_add(ctx, &buffer, RECORD_PROTOCOL_NAME, protocol_len, conf.protocol->name);
- if (method && (!with_method_list || !ctx->conf->secure_handshakes))
+ if (method && (!with_method_list || !conf.secure_handshakes))
fastd_handshake_add(ctx, &buffer, RECORD_METHOD_NAME, method_len, method->name);
if (with_method_list) {
@@ -140,7 +140,7 @@ static fastd_buffer_t new_handshake(fastd_context_t *ctx, uint8_t type, const fa
}
fastd_buffer_t fastd_handshake_new_init(fastd_context_t *ctx, size_t tail_space) {
- return new_handshake(ctx, 1, NULL, !ctx->conf->secure_handshakes, tail_space);
+ return new_handshake(ctx, 1, NULL, !conf.secure_handshakes, tail_space);
}
fastd_buffer_t fastd_handshake_new_reply(fastd_context_t *ctx, const fastd_handshake_t *handshake, const fastd_method_info_t *method, bool with_method_list, size_t tail_space) {
@@ -244,24 +244,24 @@ static inline void print_error_reply(fastd_context_t *ctx, const fastd_peer_addr
static inline bool check_records(fastd_context_t *ctx, fastd_socket_t *sock, const fastd_peer_address_t *local_addr, const fastd_peer_address_t *remote_addr, fastd_peer_t *peer, const fastd_handshake_t *handshake) {
if (handshake->records[RECORD_PROTOCOL_NAME].data) {
- if (!record_equal(ctx->conf->protocol->name, &handshake->records[RECORD_PROTOCOL_NAME])) {
+ if (!record_equal(conf.protocol->name, &handshake->records[RECORD_PROTOCOL_NAME])) {
send_error(ctx, sock, local_addr, remote_addr, peer, handshake, REPLY_UNACCEPTABLE_VALUE, RECORD_PROTOCOL_NAME);
return false;
}
}
if (handshake->records[RECORD_MODE].data) {
- if (handshake->records[RECORD_MODE].length != 1 || AS_UINT8(handshake->records[RECORD_MODE]) != ctx->conf->mode) {
+ if (handshake->records[RECORD_MODE].length != 1 || AS_UINT8(handshake->records[RECORD_MODE]) != conf.mode) {
send_error(ctx, sock, local_addr, remote_addr, peer, handshake, REPLY_UNACCEPTABLE_VALUE, RECORD_MODE);
return false;
}
}
- if (!ctx->conf->secure_handshakes || handshake->type > 1) {
+ if (!conf.secure_handshakes || handshake->type > 1) {
if (handshake->records[RECORD_MTU].length == 2) {
- if (AS_UINT16(handshake->records[RECORD_MTU]) != ctx->conf->mtu) {
+ if (AS_UINT16(handshake->records[RECORD_MTU]) != conf.mtu) {
pr_warn(ctx, "MTU configuration differs with peer %I: local MTU is %u, remote MTU is %u",
- remote_addr, ctx->conf->mtu, AS_UINT16(handshake->records[RECORD_MTU]));
+ remote_addr, conf.mtu, AS_UINT16(handshake->records[RECORD_MTU]));
}
}
}
@@ -281,15 +281,15 @@ static inline bool check_records(fastd_context_t *ctx, fastd_socket_t *sock, con
return true;
}
-static inline const fastd_method_info_t* get_method_by_name(fastd_context_t *ctx, const char *name, size_t n) {
+static inline const fastd_method_info_t* get_method_by_name(const char *name, size_t n) {
char name0[n+1];
memcpy(name0, name, n);
name0[n] = 0;
- return fastd_method_get_by_name(ctx, name0);
+ return fastd_method_get_by_name(name0);
}
-static inline const fastd_method_info_t* get_method(fastd_context_t *ctx, const fastd_handshake_t *handshake) {
+static inline const fastd_method_info_t* get_method(const fastd_handshake_t *handshake) {
if (handshake->records[RECORD_METHOD_LIST].data && handshake->records[RECORD_METHOD_LIST].length) {
fastd_string_stack_t *method_list = parse_string_list(handshake->records[RECORD_METHOD_LIST].data, handshake->records[RECORD_METHOD_LIST].length);
@@ -297,7 +297,7 @@ static inline const fastd_method_info_t* get_method(fastd_context_t *ctx, const
fastd_string_stack_t *method_name;
for (method_name = method_list; method_name; method_name = method_name->next) {
- const fastd_method_info_t *cur_method = fastd_method_get_by_name(ctx, method_name->str);
+ const fastd_method_info_t *cur_method = fastd_method_get_by_name(method_name->str);
if (cur_method)
method = cur_method;
@@ -311,7 +311,7 @@ static inline const fastd_method_info_t* get_method(fastd_context_t *ctx, const
if (!handshake->records[RECORD_METHOD_NAME].data)
return NULL;
- return get_method_by_name(ctx, (const char*)handshake->records[RECORD_METHOD_NAME].data, handshake->records[RECORD_METHOD_NAME].length);
+ return get_method_by_name((const char*)handshake->records[RECORD_METHOD_NAME].data, handshake->records[RECORD_METHOD_NAME].length);
}
void fastd_handshake_handle(fastd_context_t *ctx, fastd_socket_t *sock, const fastd_peer_address_t *local_addr, const fastd_peer_address_t *remote_addr, fastd_peer_t *peer, fastd_buffer_t buffer) {
@@ -335,8 +335,8 @@ void fastd_handshake_handle(fastd_context_t *ctx, fastd_socket_t *sock, const fa
if (!check_records(ctx, sock, local_addr, remote_addr, peer, &handshake))
goto end_free;
- if (!ctx->conf->secure_handshakes || handshake.type > 1) {
- method = get_method(ctx, &handshake);
+ if (!conf.secure_handshakes || handshake.type > 1) {
+ method = get_method(&handshake);
if (handshake.records[RECORD_VERSION_NAME].data)
handshake.peer_version = peer_version = strndup((const char*)handshake.records[RECORD_VERSION_NAME].data, handshake.records[RECORD_VERSION_NAME].length);
@@ -347,7 +347,7 @@ void fastd_handshake_handle(fastd_context_t *ctx, fastd_socket_t *sock, const fa
goto end_free;
}
- ctx->conf->protocol->handshake_handle(ctx, sock, local_addr, remote_addr, peer, &handshake, method);
+ conf.protocol->handshake_handle(ctx, sock, local_addr, remote_addr, peer, &handshake, method);
end_free:
free(peer_version);
diff --git a/src/log.c b/src/log.c
index 43d8c83..aa04517 100644
--- a/src/log.c
+++ b/src/log.c
@@ -55,7 +55,7 @@ static size_t snprint_peer_address(const fastd_context_t *ctx, char *buffer, siz
return snprintf(buffer, size, "any");
case AF_INET:
- if (!bind_address && ctx->conf->hide_ip_addresses)
+ if (!bind_address && conf.hide_ip_addresses)
return snprintf_safe(buffer, size, "[hidden]:%u", ntohs(address->in.sin_port));
else if (inet_ntop(AF_INET, &address->in.sin_addr, addr_buf, sizeof(addr_buf)))
return snprintf_safe(buffer, size, "%s:%u", addr_buf, ntohs(address->in.sin_port));
@@ -63,7 +63,7 @@ static size_t snprint_peer_address(const fastd_context_t *ctx, char *buffer, siz
return 0;
case AF_INET6:
- if (!bind_address && ctx->conf->hide_ip_addresses)
+ if (!bind_address && conf.hide_ip_addresses)
return snprintf_safe(buffer, size, "[hidden]:%u", ntohs(address->in.sin_port));
if (inet_ntop(AF_INET6, &address->in6.sin6_addr, addr_buf, sizeof(addr_buf))) {
char ifname_buf[IF_NAMESIZE];
@@ -89,7 +89,7 @@ static size_t snprint_peer_str(const fastd_context_t *ctx, char *buffer, size_t
}
else {
char buf[65];
- if (ctx->conf->protocol->describe_peer(ctx, peer, buf, sizeof(buf)))
+ if (conf.protocol->describe_peer(ctx, peer, buf, sizeof(buf)))
return snprintf_safe(buffer, size, "{%s}", buf);
else
return snprintf_safe(buffer, size, "(null)");
@@ -143,7 +143,7 @@ static int fastd_vsnprintf(const fastd_context_t *ctx, char *buffer, size_t size
eth_addr = va_arg(ap, const fastd_eth_addr_t*);
if (eth_addr) {
- if (ctx->conf->hide_mac_addresses)
+ if (conf.hide_mac_addresses)
buffer += snprintf_safe(buffer, buffer_end-buffer, "[hidden]");
else
buffer += snprintf_safe(buffer, buffer_end-buffer, "%02x:%02x:%02x:%02x:%02x:%02x",
@@ -239,7 +239,7 @@ void fastd_logf(const fastd_context_t *ctx, fastd_loglevel_t level, const char *
buffer[sizeof(buffer)-1] = 0;
- if (!ctx->log_initialized || level <= ctx->conf->log_stderr_level || ctx->conf->log_files) {
+ if (!ctx->log_initialized || level <= conf.log_stderr_level || conf.log_files) {
time_t t;
struct tm tm;
@@ -250,11 +250,11 @@ void fastd_logf(const fastd_context_t *ctx, fastd_loglevel_t level, const char *
}
}
- if (!ctx->log_initialized || level <= ctx->conf->log_stderr_level)
+ if (!ctx->log_initialized || level <= conf.log_stderr_level)
fprintf(stderr, "%s%s%s\n", timestr, get_log_prefix(level), buffer);
if (ctx->log_initialized) {
- if (level <= ctx->conf->log_syslog_level)
+ if (level <= conf.log_syslog_level)
syslog(get_syslog_level(level), "%s", buffer);
fastd_log_fd_t *file;
diff --git a/src/method.h b/src/method.h
index 159d2b8..b5ff2f5 100644
--- a/src/method.h
+++ b/src/method.h
@@ -63,11 +63,11 @@ struct fastd_method_provider {
bool fastd_method_create_by_name(const char *name, const fastd_method_provider_t **provider, fastd_method_t **method);
-static inline const fastd_method_info_t* fastd_method_get_by_name(fastd_context_t *ctx, const char *name) {
+static inline const fastd_method_info_t* fastd_method_get_by_name(const char *name) {
size_t i;
- for (i = 0; ctx->conf->methods[i].name; i++) {
- if (!strcmp(ctx->conf->methods[i].name, name))
- return &ctx->conf->methods[i];
+ for (i = 0; conf.methods[i].name; i++) {
+ if (!strcmp(conf.methods[i].name, name))
+ return &conf.methods[i];
}
return NULL;
diff --git a/src/methods/cipher_test/cipher_test.c b/src/methods/cipher_test/cipher_test.c
index b33133a..0cec4b0 100644
--- a/src/methods/cipher_test/cipher_test.c
+++ b/src/methods/cipher_test/cipher_test.c
@@ -79,7 +79,7 @@ static fastd_method_session_state_t* method_session_init(fastd_context_t *ctx, c
fastd_method_common_init(ctx, &session->common, initiator);
session->method = method;
- session->cipher = fastd_cipher_get(ctx, method->cipher_info);
+ session->cipher = fastd_cipher_get(method->cipher_info);
session->cipher_state = session->cipher->init(secret);
pr_warn(ctx, "using cipher-test method; this method must be used for testing and benchmarks only");
diff --git a/src/methods/common.c b/src/methods/common.c
index 26bdf2e..166d3ab 100644
--- a/src/methods/common.c
+++ b/src/methods/common.c
@@ -30,8 +30,8 @@
void fastd_method_common_init(fastd_context_t *ctx, fastd_method_common_t *session, bool initiator) {
memset(session, 0, sizeof(*session));
- session->valid_till = fastd_in_seconds(ctx, ctx->conf->key_valid);
- session->refresh_after = fastd_in_seconds(ctx, ctx->conf->key_refresh - fastd_rand(ctx, 0, ctx->conf->key_refresh_splay));
+ session->valid_till = fastd_in_seconds(ctx, conf.key_valid);
+ session->refresh_after = fastd_in_seconds(ctx, conf.key_refresh - fastd_rand(ctx, 0, conf.key_refresh_splay));
if (initiator) {
session->send_nonce[COMMON_NONCEBYTES-1] = 3;
@@ -79,7 +79,7 @@ bool fastd_method_reorder_check(fastd_context_t *ctx, fastd_peer_t *peer, fastd_
session->receive_reorder_seen |= (1 << (shift-1));
memcpy(session->receive_nonce, nonce, COMMON_NONCEBYTES);
- session->reorder_timeout = fastd_in_seconds(ctx, ctx->conf->reorder_time);
+ session->reorder_timeout = fastd_in_seconds(ctx, conf.reorder_time);
return true;
}
else if (age == 0 || session->receive_reorder_seen & (1 << (age-1))) {
diff --git a/src/methods/common.h b/src/methods/common.h
index 4d9c4c0..510ad3f 100644
--- a/src/methods/common.h
+++ b/src/methods/common.h
@@ -73,7 +73,7 @@ static inline bool fastd_method_session_common_want_refresh(fastd_context_t *ctx
}
static inline void fastd_method_session_common_superseded(fastd_context_t *ctx, fastd_method_common_t *session) {
- struct timespec valid_max = fastd_in_seconds(ctx, ctx->conf->key_valid_old);
+ struct timespec valid_max = fastd_in_seconds(ctx, conf.key_valid_old);
if (timespec_after(&session->valid_till, &valid_max))
session->valid_till = valid_max;
diff --git a/src/methods/composed_gmac/composed_gmac.c b/src/methods/composed_gmac/composed_gmac.c
index d420f31..c848bbf 100644
--- a/src/methods/composed_gmac/composed_gmac.c
+++ b/src/methods/composed_gmac/composed_gmac.c
@@ -122,10 +122,10 @@ static fastd_method_session_state_t* method_session_init(fastd_context_t *ctx, c
fastd_method_common_init(ctx, &session->common, initiator);
session->method = method;
- session->cipher = fastd_cipher_get(ctx, method->cipher_info);
+ session->cipher = fastd_cipher_get(method->cipher_info);
session->cipher_state = session->cipher->init(secret);
- session->gmac_cipher = fastd_cipher_get(ctx, method->gmac_cipher_info);
+ session->gmac_cipher = fastd_cipher_get(method->gmac_cipher_info);
session->gmac_cipher_state = session->gmac_cipher->init(secret + method->cipher_info->key_length);
fastd_block128_t H;
@@ -142,7 +142,7 @@ static fastd_method_session_state_t* method_session_init(fastd_context_t *ctx, c
return NULL;
}
- session->ghash = fastd_mac_get(ctx, method->ghash_info);
+ session->ghash = fastd_mac_get(method->ghash_info);
session->ghash_state = session->ghash->init(H.b);
return session;
diff --git a/src/methods/generic_gmac/generic_gmac.c b/src/methods/generic_gmac/generic_gmac.c
index a15083b..88c1880 100644
--- a/src/methods/generic_gmac/generic_gmac.c
+++ b/src/methods/generic_gmac/generic_gmac.c
@@ -99,7 +99,7 @@ static fastd_method_session_state_t* method_session_init(fastd_context_t *ctx, c
fastd_method_common_init(ctx, &session->common, initiator);
session->method = method;
- session->cipher = fastd_cipher_get(ctx, method->cipher_info);
+ session->cipher = fastd_cipher_get(method->cipher_info);
session->cipher_state = session->cipher->init(secret);
static const fastd_block128_t zeroblock = {};
@@ -115,7 +115,7 @@ static fastd_method_session_state_t* method_session_init(fastd_context_t *ctx, c
return NULL;
}
- session->ghash = fastd_mac_get(ctx, method->ghash_info);
+ session->ghash = fastd_mac_get(method->ghash_info);
session->ghash_state = session->ghash->init(H.b);
return session;
diff --git a/src/methods/generic_poly1305/generic_poly1305.c b/src/methods/generic_poly1305/generic_poly1305.c
index d9db73f..a8eb3d1 100644
--- a/src/methods/generic_poly1305/generic_poly1305.c
+++ b/src/methods/generic_poly1305/generic_poly1305.c
@@ -88,7 +88,7 @@ static fastd_method_session_state_t* method_session_init(fastd_context_t *ctx, c
fastd_method_common_init(ctx, &session->common, initiator);
session->method = method;
- session->cipher = fastd_cipher_get(ctx, session->method->cipher_info);
+ session->cipher = fastd_cipher_get(session->method->cipher_info);
session->cipher_state = session->cipher->init(secret);
return session;
diff --git a/src/options.c b/src/options.c
index 0fb3baa..0817ed7 100644
--- a/src/options.c
+++ b/src/options.c
@@ -48,7 +48,7 @@ static void print_usage(const char *options, const char *message) {
puts(message);
}
-static void usage(fastd_context_t *ctx UNUSED, fastd_config_t *conf UNUSED) {
+static void usage(fastd_context_t *ctx UNUSED) {
puts("fastd (Fast and Secure Tunnelling Daemon) " FASTD_VERSION " usage:\n");
#define OR ", "
@@ -64,51 +64,51 @@ static void usage(fastd_context_t *ctx UNUSED, fastd_config_t *conf UNUSED) {
exit(0);
}
-static void version(fastd_context_t *ctx UNUSED, fastd_config_t *conf UNUSED) {
+static void version(fastd_context_t *ctx UNUSED) {
puts("fastd " FASTD_VERSION);
exit(0);
}
-static void option_daemon(fastd_context_t *ctx UNUSED, fastd_config_t *conf) {
- conf->daemon = true;
+static void option_daemon(fastd_context_t *ctx UNUSED) {
+ conf.daemon = true;
}
-static void option_pid_file(fastd_context_t *ctx UNUSED, fastd_config_t *conf, const char *arg) {
- free(conf->pid_file);
- conf->pid_file = strdup(arg);
+static void option_pid_file(fastd_context_t *ctx UNUSED, const char *arg) {
+ free(conf.pid_file);
+ conf.pid_file = strdup(arg);
}
-static void option_config(fastd_context_t *ctx, fastd_config_t *conf, const char *arg) {
+static void option_config(fastd_context_t *ctx, const char *arg) {
if (!strcmp(arg, "-"))
arg = NULL;
- if (!fastd_read_config(ctx, conf, arg, false, 0))
+ if (!fastd_read_config(ctx, arg, false, 0))
exit(1);
}
-static void option_config_peer(fastd_context_t *ctx, fastd_config_t *conf, const char *arg) {
- fastd_peer_config_new(ctx, conf);
+static void option_config_peer(fastd_context_t *ctx, const char *arg) {
+ fastd_peer_config_new(ctx);
- if(!fastd_read_config(ctx, conf, arg, true, 0))
+ if(!fastd_read_config(ctx, arg, true, 0))
exit(1);
}
-static void option_config_peer_dir(fastd_context_t *ctx, fastd_config_t *conf, const char *arg) {
- fastd_add_peer_dir(ctx, conf, arg);
+static void option_config_peer_dir(fastd_context_t *ctx, const char *arg) {
+ fastd_add_peer_dir(ctx, arg);
}
#ifdef WITH_CMDLINE_USER
-static void option_user(fastd_context_t *ctx UNUSED, fastd_config_t *conf, const char *arg) {
- free(conf->user);
- conf->user = strdup(arg);
+static void option_user(fastd_context_t *ctx UNUSED, const char *arg) {
+ free(conf.user);
+ conf.user = strdup(arg);
}
-static void option_group(fastd_context_t *ctx UNUSED, fastd_config_t *conf, const char *arg) {
- free(conf->group);
- conf->group = strdup(arg);
+static void option_group(fastd_context_t *ctx UNUSED, const char *arg) {
+ free(conf.group);
+ conf.group = strdup(arg);
}
#endif
@@ -134,56 +134,56 @@ static int parse_log_level(fastd_context_t *ctx, const char *arg) {
exit_error(ctx, "invalid log level `%s'", arg);
}
-static void option_log_level(fastd_context_t *ctx, fastd_config_t *conf, const char *arg) {
- conf->log_stderr_level = parse_log_level(ctx, arg);
+static void option_log_level(fastd_context_t *ctx, const char *arg) {
+ conf.log_stderr_level = parse_log_level(ctx, arg);
}
-static void option_syslog_level(fastd_context_t *ctx, fastd_config_t *conf, const char *arg) {
- conf->log_syslog_level = parse_log_level(ctx, arg);
+static void option_syslog_level(fastd_context_t *ctx, const char *arg) {
+ conf.log_syslog_level = parse_log_level(ctx, arg);
}
-static void option_syslog_ident(fastd_context_t *ctx UNUSED, fastd_config_t *conf, const char *arg) {
- free(conf->log_syslog_ident);
- conf->log_syslog_ident = strdup(arg);
+static void option_syslog_ident(fastd_context_t *ctx UNUSED, const char *arg) {
+ free(conf.log_syslog_ident);
+ conf.log_syslog_ident = strdup(arg);
}
-static void option_hide_ip_addresses(fastd_context_t *ctx UNUSED, fastd_config_t *conf) {
- conf->hide_ip_addresses = true;
+static void option_hide_ip_addresses(fastd_context_t *ctx UNUSED) {
+ conf.hide_ip_addresses = true;
}
-static void option_hide_mac_addresses(fastd_context_t *ctx UNUSED, fastd_config_t *conf) {
- conf->hide_mac_addresses = true;
+static void option_hide_mac_addresses(fastd_context_t *ctx UNUSED) {
+ conf.hide_mac_addresses = true;
}
#endif
#ifdef WITH_CMDLINE_OPERATION
-static void option_mode(fastd_context_t *ctx, fastd_config_t *conf, const char *arg) {
+static void option_mode(fastd_context_t *ctx, const char *arg) {
if (!strcmp(arg, "tap"))
- conf->mode = MODE_TAP;
+ conf.mode = MODE_TAP;
else if (!strcmp(arg, "tun"))
- conf->mode = MODE_TUN;
+ conf.mode = MODE_TUN;
else
exit_error(ctx, "invalid mode `%s'", arg);
}
-static void option_interface(fastd_context_t *ctx UNUSED, fastd_config_t *conf, const char *arg) {
- free(conf->ifname);
- conf->ifname = strdup(arg);
+static void option_interface(fastd_context_t *ctx UNUSED, const char *arg) {
+ free(conf.ifname);
+ conf.ifname = strdup(arg);
}
-static void option_mtu(fastd_context_t *ctx, fastd_config_t *conf, const char *arg) {
+static void option_mtu(fastd_context_t *ctx, const char *arg) {
char *endptr;
long mtu = strtol(arg, &endptr, 10);
if (*endptr || mtu < 576 || mtu > 65535)
exit_error(ctx, "invalid mtu `%s'", arg);
- conf->mtu = mtu;
+ conf.mtu = mtu;
}
-static void option_bind(fastd_context_t *ctx, fastd_config_t *conf, const char *arg) {
+static void option_bind(fastd_context_t *ctx, const char *arg) {
long l;
char *charptr;
char *endptr;
@@ -250,75 +250,75 @@ static void option_bind(fastd_context_t *ctx, fastd_config_t *conf, const char *
free(addrstr);
- fastd_config_bind_address(ctx, conf, &addr, ifname, false, false);
+ fastd_config_bind_address(ctx, &addr, ifname, false, false);
}
-static void option_protocol(fastd_context_t *ctx, fastd_config_t *conf, const char *arg) {
- fastd_config_protocol(ctx, conf, arg);
+static void option_protocol(fastd_context_t *ctx, const char *arg) {
+ fastd_config_protocol(ctx, arg);
}
-static void option_method(fastd_context_t *ctx, fastd_config_t *conf, const char *arg) {
- fastd_config_method(ctx, conf, arg);
+static void option_method(fastd_context_t *ctx, const char *arg) {
+ fastd_config_method(ctx, arg);
}
-static void option_forward(fastd_context_t *ctx UNUSED, fastd_config_t *conf) {
- conf->forward = true;
+static void option_forward(fastd_context_t *ctx UNUSED) {
+ conf.forward = true;
}
#endif
#ifdef WITH_CMDLINE_COMMANDS
-static void option_on_pre_up(fastd_context_t *ctx UNUSED, fastd_config_t *conf, const char *arg) {
- fastd_shell_command_set(&conf->on_pre_up, arg, true);
+static void option_on_pre_up(fastd_context_t *ctx UNUSED, const char *arg) {
+ fastd_shell_command_set(&conf.on_pre_up, arg, true);
}
-static void option_on_up(fastd_context_t *ctx UNUSED, fastd_config_t *conf, const char *arg) {
- fastd_shell_command_set(&conf->on_up, arg, true);
+static void option_on_up(fastd_context_t *ctx UNUSED, const char *arg) {
+ fastd_shell_command_set(&conf.on_up, arg, true);
}
-static void option_on_down(fastd_context_t *ctx UNUSED, fastd_config_t *conf, const char *arg) {
- fastd_shell_command_set(&conf->on_down, arg, true);
+static void option_on_down(fastd_context_t *ctx UNUSED, const char *arg) {
+ fastd_shell_command_set(&conf.on_down, arg, true);
}
-static void option_on_post_down(fastd_context_t *ctx UNUSED, fastd_config_t *conf, const char *arg) {
- fastd_shell_command_set(&conf->on_post_down, arg, true);
+static void option_on_post_down(fastd_context_t *ctx UNUSED, const char *arg) {
+ fastd_shell_command_set(&conf.on_post_down, arg, true);
}
-static void option_on_connect(fastd_context_t *ctx UNUSED, fastd_config_t *conf, const char *arg) {
- fastd_shell_command_set(&conf->on_connect, arg, false);
+static void option_on_connect(fastd_context_t *ctx UNUSED, const char *arg) {
+ fastd_shell_command_set(&conf.on_connect, arg, false);
}
-static void option_on_establish(fastd_context_t *ctx UNUSED, fastd_config_t *conf, const char *arg) {
- fastd_shell_command_set(&conf->on_establish, arg, false);
+static void option_on_establish(fastd_context_t *ctx UNUSED, const char *arg) {
+ fastd_shell_command_set(&conf.on_establish, arg, false);
}
-static void option_on_disestablish(fastd_context_t *ctx UNUSED, fastd_config_t *conf, const char *arg) {
- fastd_shell_command_set(&conf->on_disestablish, arg, false);
+static void option_on_disestablish(fastd_context_t *ctx UNUSED, const char *arg) {
+ fastd_shell_command_set(&conf.on_disestablish, arg, false);
}
-static void option_on_verify(fastd_context_t *ctx UNUSED, fastd_config_t *conf, const char *arg) {
- fastd_shell_command_set(&conf->on_verify, arg, false);
+static void option_on_verify(fastd_context_t *ctx UNUSED, const char *arg) {
+ fastd_shell_command_set(&conf.on_verify, arg, false);
}
#endif
-static void option_verify_config(fastd_context_t *ctx UNUSED, fastd_config_t *conf) {
- conf->verify_config = true;
+static void option_verify_config(fastd_context_t *ctx UNUSED) {
+ conf.verify_config = true;
}
-static void option_generate_key(fastd_context_t *ctx UNUSED, fastd_config_t *conf) {
- conf->generate_key = true;
- conf->show_key = false;
+static void option_generate_key(fastd_context_t *ctx UNUSED) {
+ conf.generate_key = true;
+ conf.show_key = false;
}
-static void option_show_key(fastd_context_t *ctx UNUSED, fastd_config_t *conf) {
- conf->generate_key = false;
- conf->show_key = true;
+static void option_show_key(fastd_context_t *ctx UNUSED) {
+ conf.generate_key = false;
+ conf.show_key = true;
}
-static void option_machine_readable(fastd_context_t *ctx UNUSED, fastd_config_t *conf) {
- conf->machine_readable = true;
+static void option_machine_readable(fastd_context_t *ctx UNUSED) {
+ conf.machine_readable = true;
}
@@ -341,7 +341,7 @@ static bool config_match(const char *opt, ...) {
return match;
}
-void fastd_config_handle_options(fastd_context_t *ctx, fastd_config_t *conf, int argc, char *const argv[]) {
+void fastd_config_handle_options(fastd_context_t *ctx, int argc, char *const argv[]) {
int i = 1;
while (i < argc) {
@@ -351,7 +351,7 @@ void fastd_config_handle_options(fastd_context_t *ctx, fastd_config_t *conf, int
({ \
if(config_match(argv[i], options, NULL)) { \
i++; \
- func(ctx, conf); \
+ func(ctx); \
continue; \
} \
})
@@ -361,7 +361,7 @@ void fastd_config_handle_options(fastd_context_t *ctx, fastd_config_t *conf, int
i+=2; \
if (i > argc) \
exit_error(ctx, "command line error: option `%s' needs an argument; see --help for usage", argv[i-2]); \
- func(ctx, conf, argv[i-1]); \
+ func(ctx, argv[i-1]); \
continue; \
} \
})
diff --git a/src/peer.c b/src/peer.c
index 47b1370..9193441 100644
--- a/src/peer.c
+++ b/src/peer.c
@@ -33,11 +33,11 @@
static inline void on_establish(fastd_context_t *ctx, const fastd_peer_t *peer) {
- fastd_shell_command_exec(ctx, &ctx->conf->on_establish, peer, &peer->local_address, &peer->address);
+ fastd_shell_command_exec(ctx, &conf.on_establish, peer, &peer->local_address, &peer->address);
}
static inline void on_disestablish(fastd_context_t *ctx, const fastd_peer_t *peer) {
- fastd_shell_command_exec(ctx, &ctx->conf->on_disestablish, peer, &peer->local_address, &peer->address);
+ fastd_shell_command_exec(ctx, &conf.on_disestablish, peer, &peer->local_address, &peer->address);
}
static inline void free_socket(fastd_context_t *ctx, fastd_peer_t *peer) {
@@ -175,7 +175,7 @@ static void reset_peer(fastd_context_t *ctx, fastd_peer_t *peer) {
memset(&peer->local_address, 0, sizeof(peer->local_address));
- ctx->conf->protocol->reset_peer_state(ctx, peer);
+ conf.protocol->reset_peer_state(ctx, peer);
size_t i, deleted = 0;
for (i = 0; i < VECTOR_LEN(ctx->eth_addrs); i++) {
@@ -240,7 +240,7 @@ static void setup_peer(fastd_context_t *ctx, fastd_peer_t *peer) {
peer->establish_handshake_timeout = ctx->now;
if (!peer->protocol_state)
- ctx->conf->protocol->init_peer_state(ctx, peer);
+ conf.protocol->init_peer_state(ctx, peer);
if (peer->next_remote) {
peer->next_remote->current_address = 0;
@@ -278,7 +278,7 @@ static void delete_peer(fastd_context_t *ctx, fastd_peer_t *peer) {
fastd_peer_hashtable_remove(ctx, peer);
- ctx->conf->protocol->free_peer_state(ctx, peer);
+ conf.protocol->free_peer_state(ctx, peer);
if (!peer->config)
free(peer->protocol_config);
@@ -294,13 +294,13 @@ static void delete_peer(fastd_context_t *ctx, fastd_peer_t *peer) {
}
-fastd_peer_config_t* fastd_peer_config_new(fastd_context_t *ctx UNUSED, fastd_config_t *conf) {
+fastd_peer_config_t* fastd_peer_config_new(fastd_context_t *ctx UNUSED) {
fastd_peer_config_t *peer = calloc(1, sizeof(fastd_peer_config_t));
- peer->group = conf->peer_group;
+ peer->group = conf.peer_group;
- peer->next = conf->peers;
- conf->peers = peer;
+ peer->next = conf.peers;
+ conf.peers = peer;
return peer;
}
@@ -320,24 +320,24 @@ void fastd_peer_config_free(fastd_peer_config_t *peer) {
free(peer);
}
-void fastd_peer_config_delete(fastd_context_t *ctx UNUSED, fastd_config_t *conf) {
- fastd_peer_config_t *peer = conf->peers, *next = peer->next;
+void fastd_peer_config_delete(fastd_context_t *ctx UNUSED) {
+ fastd_peer_config_t *peer = conf.peers, *next = peer->next;
fastd_peer_config_free(peer);
- conf->peers = next;
+ conf.peers = next;
}
-void fastd_peer_config_purge(fastd_context_t *ctx, fastd_peer_config_t *conf) {
+void fastd_peer_config_purge(fastd_context_t *ctx, fastd_peer_config_t *config) {
size_t i;
for (i = 0; i < VECTOR_LEN(ctx->peers); i++) {
fastd_peer_t *peer = VECTOR_INDEX(ctx->peers, i);
- if (peer->config == conf) {
+ if (peer->config == config) {
fastd_peer_delete(ctx, peer);
break;
}
}
- fastd_peer_config_free(conf);
+ fastd_peer_config_free(config);
}
bool fastd_peer_address_equal(const fastd_peer_address_t *addr1, const fastd_peer_address_t *addr2) {
@@ -590,7 +590,7 @@ fastd_peer_t* fastd_peer_add(fastd_context_t *ctx, fastd_peer_config_t *peer_con
}
fastd_peer_t* fastd_peer_add_temporary(fastd_context_t *ctx) {
- if (!fastd_shell_command_isset(&ctx->conf->on_verify))
+ if (!fastd_shell_command_isset(&conf.on_verify))
exit_bug(ctx, "tried to add temporary peer without on-verify command");
fastd_peer_t *peer = calloc(1, sizeof(fastd_peer_t));
@@ -608,13 +608,13 @@ fastd_peer_t* fastd_peer_add_temporary(fastd_context_t *ctx) {
}
bool fastd_peer_verify_temporary(fastd_context_t *ctx, fastd_peer_t *peer, const fastd_peer_address_t *local_addr, const fastd_peer_address_t *peer_addr) {
- if (!fastd_shell_command_isset(&ctx->conf->on_verify))
+ if (!fastd_shell_command_isset(&conf.on_verify))
exit_bug(ctx, "tried to verify temporary peer without on-verify command");
/* TODO: async not supported yet */
int ret;
- if (!fastd_shell_command_exec_sync(ctx, &ctx->conf->on_verify, peer, local_addr, peer_addr, &ret))
+ if (!fastd_shell_command_exec_sync(ctx, &conf.on_verify, peer, local_addr, peer_addr, &ret))
return false;
if (WIFSIGNALED(ret)) {
@@ -649,7 +649,7 @@ void fastd_peer_set_established(fastd_context_t *ctx, fastd_peer_t *peer) {
fastd_eth_addr_t fastd_get_source_address(const fastd_context_t *ctx, fastd_buffer_t buffer) {
fastd_eth_addr_t ret;
- switch (ctx->conf->mode) {
+ switch (conf.mode) {
case MODE_TAP:
memcpy(&ret, buffer.data+offsetof(struct ethhdr, h_source), ETH_ALEN);
return ret;
@@ -660,7 +660,7 @@ fastd_eth_addr_t fastd_get_source_address(const fastd_context_t *ctx, fastd_buff
fastd_eth_addr_t fastd_get_dest_address(const fastd_context_t *ctx, fastd_buffer_t buffer) {
fastd_eth_addr_t ret;
- switch (ctx->conf->mode) {
+ switch (conf.mode) {
case MODE_TAP:
memcpy(&ret, buffer.data+offsetof(struct ethhdr, h_dest), ETH_ALEN);
return ret;
@@ -715,7 +715,7 @@ void fastd_peer_eth_addr_add(fastd_context_t *ctx, fastd_peer_t *peer, fastd_eth
if (cmp == 0) {
VECTOR_INDEX(ctx->eth_addrs, cur).peer = peer;
- VECTOR_INDEX(ctx->eth_addrs, cur).timeout = fastd_in_seconds(ctx, ctx->conf->eth_addr_stale_time);
+ VECTOR_INDEX(ctx->eth_addrs, cur).timeout = fastd_in_seconds(ctx, conf.eth_addr_stale_time);
return; /* We're done here. */
}
else if (cmp < 0) {
@@ -726,7 +726,7 @@ void fastd_peer_eth_addr_add(fastd_context_t *ctx, fastd_peer_t *peer, fastd_eth
}
}
- VECTOR_INSERT(ctx->eth_addrs, ((fastd_peer_eth_addr_t) {addr, peer, fastd_in_seconds(ctx, ctx->conf->eth_addr_stale_time)}), min);
+ VECTOR_INSERT(ctx->eth_addrs, ((fastd_peer_eth_addr_t) {addr, peer, fastd_in_seconds(ctx, conf.eth_addr_stale_time)}), min);
pr_debug(ctx, "learned new MAC address %E on peer %P", &addr, peer);
}
@@ -738,7 +738,7 @@ void fastd_peer_eth_addr_cleanup(fastd_context_t *ctx) {
if (fastd_timed_out(ctx, &VECTOR_INDEX(ctx->eth_addrs, i).timeout)) {
deleted++;
pr_debug(ctx, "MAC address %E not seen for more than %u seconds, removing",
- &VECTOR_INDEX(ctx->eth_addrs, i).addr, ctx->conf->eth_addr_stale_time);
+ &VECTOR_INDEX(ctx->eth_addrs, i).addr, conf.eth_addr_stale_time);
}
else if (deleted) {
VECTOR_INDEX(ctx->eth_addrs, i-deleted) = VECTOR_INDEX(ctx->eth_addrs, i);
diff --git a/src/peer.h b/src/peer.h
index 2d3c2f3..8d1afa2 100644
--- a/src/peer.h
+++ b/src/peer.h
@@ -122,15 +122,15 @@ static inline uint16_t fastd_peer_address_get_port(const fastd_peer_address_t *a
}
}
-fastd_peer_config_t* fastd_peer_config_new(fastd_context_t *ctx, fastd_config_t *conf);
+fastd_peer_config_t* fastd_peer_config_new(fastd_context_t *ctx);
void fastd_peer_config_free(fastd_peer_config_t *peer);
-void fastd_peer_config_delete(fastd_context_t *ctx, fastd_config_t *conf);
-void fastd_peer_config_purge(fastd_context_t *ctx, fastd_peer_config_t *conf);
+void fastd_peer_config_delete(fastd_context_t *ctx);
+void fastd_peer_config_purge(fastd_context_t *ctx, fastd_peer_config_t *config);
bool fastd_peer_config_equal(const fastd_peer_config_t *peer1, const fastd_peer_config_t *peer2);
void fastd_peer_reset(fastd_context_t *ctx, fastd_peer_t *peer);
void fastd_peer_delete(fastd_context_t *ctx, fastd_peer_t *peer);
-fastd_peer_t* fastd_peer_add(fastd_context_t *ctx, fastd_peer_config_t *conf);
+fastd_peer_t* fastd_peer_add(fastd_context_t *ctx, fastd_peer_config_t *peer_conf);
fastd_peer_t* fastd_peer_add_temporary(fastd_context_t *ctx);
bool fastd_peer_verify_temporary(fastd_context_t *ctx, fastd_peer_t *peer, const fastd_peer_address_t *local_addr, const fastd_peer_address_t *peer_addr);
void fastd_peer_enable_temporary(fastd_context_t *ctx, fastd_peer_t *peer);
@@ -198,7 +198,7 @@ static inline bool fastd_remote_is_dynamic(const fastd_remote_t *remote) {
}
static inline void fastd_peer_seen(fastd_context_t *ctx, fastd_peer_t *peer) {
- peer->timeout = fastd_in_seconds(ctx, ctx->conf->peer_stale_time);
+ peer->timeout = fastd_in_seconds(ctx, conf.peer_stale_time);
}
static inline bool fastd_peer_is_socket_dynamic(const fastd_peer_t *peer) {
diff --git a/src/poll.c b/src/poll.c
index 150f2ca..7fd6b6b 100644
--- a/src/poll.c
+++ b/src/poll.c
@@ -35,8 +35,8 @@
#endif
-static inline bool handle_tun_tap(fastd_context_t *ctx, fastd_buffer_t buffer) {
- if (ctx->conf->mode != MODE_TAP)
+static inline bool handle_tap(fastd_context_t *ctx, fastd_buffer_t buffer) {
+ if (conf.mode != MODE_TAP)
return false;
if (buffer.len < ETH_HLEN) {
@@ -54,16 +54,16 @@ static inline bool handle_tun_tap(fastd_context_t *ctx, fastd_buffer_t buffer) {
if (!peer)
return false;
- ctx->conf->protocol->send(ctx, peer, buffer);
+ conf.protocol->send(ctx, peer, buffer);
return true;
}
-static void handle_tun(fastd_context_t *ctx) {
+static void handle_tuntap(fastd_context_t *ctx) {
fastd_buffer_t buffer = fastd_tuntap_read(ctx);
if (!buffer.len)
return;
- if (handle_tun_tap(ctx, buffer))
+ if (handle_tap(ctx, buffer))
return;
/* TUN mode or multicast packet */
@@ -173,7 +173,7 @@ void fastd_poll_handle(fastd_context_t *ctx) {
for (i = 0; i < (size_t)ret; i++) {
if (events[i].data.ptr == &ctx->tunfd) {
if (events[i].events & EPOLLIN)
- handle_tun(ctx);
+ handle_tuntap(ctx);
}
else if (events[i].data.ptr == &ctx->async_rfd) {
if (events[i].events & EPOLLIN)
@@ -280,7 +280,7 @@ void fastd_poll_handle(fastd_context_t *ctx) {
fastd_update_time(ctx);
if (VECTOR_INDEX(ctx->pollfds, 0).revents & POLLIN)
- handle_tun(ctx);
+ handle_tuntap(ctx);
if (VECTOR_INDEX(ctx->pollfds, 1).revents & POLLIN)
fastd_async_handle(ctx);
diff --git a/src/protocols/ec25519_fhmqvc/ec25519_fhmqvc.c b/src/protocols/ec25519_fhmqvc/ec25519_fhmqvc.c
index 735a0ea..698746b 100644
--- a/src/protocols/ec25519_fhmqvc/ec25519_fhmqvc.c
+++ b/src/protocols/ec25519_fhmqvc/ec25519_fhmqvc.c
@@ -52,10 +52,10 @@ static inline void check_session_refresh(fastd_context_t *ctx, fastd_peer_t *pee
static fastd_protocol_config_t* protocol_init(fastd_context_t *ctx) {
fastd_protocol_config_t *protocol_config = malloc(sizeof(fastd_protocol_config_t));
- if (!ctx->conf->secret)
+ if (!conf.secret)
exit_error(ctx, "no secret key configured");
- if (!read_key(protocol_config->key.secret.p, ctx->conf->secret))
+ if (!read_key(protocol_config->key.secret.p, conf.secret))
exit_error(ctx, "invalid secret key");
ecc_25519_work_t work;
@@ -92,7 +92,7 @@ static void protocol_peer_configure(fastd_context_t *ctx, fastd_peer_config_t *p
peer_conf->protocol_config = malloc(sizeof(fastd_protocol_peer_config_t));
peer_conf->protocol_config->public_key = key;
- if (memcmp(&peer_conf->protocol_config->public_key, &ctx->conf->protocol_config->key.public, 32) == 0)
+ if (memcmp(&peer_conf->protocol_config->public_key, &conf.protocol_config->key.public, 32) == 0)
pr_debug(ctx, "found own key as `%s', ignoring peer", peer_conf->name);
}
@@ -169,7 +169,7 @@ static void session_send(fastd_context_t *ctx, fastd_peer_t *peer, fastd_buffer_
}
fastd_send(ctx, peer->sock, &peer->local_address, &peer->address, peer, send_buffer, stat_size);
- peer->keepalive_timeout = fastd_in_seconds(ctx, ctx->conf->keepalive_timeout);
+ peer->keepalive_timeout = fastd_in_seconds(ctx, conf.keepalive_timeout);
}
static void protocol_send(fastd_context_t *ctx, fastd_peer_t *peer, fastd_buffer_t buffer) {
diff --git a/src/protocols/ec25519_fhmqvc/ec25519_fhmqvc.h b/src/protocols/ec25519_fhmqvc/ec25519_fhmqvc.h
index 19d2cbf..be316db 100644
--- a/src/protocols/ec25519_fhmqvc/ec25519_fhmqvc.h
+++ b/src/protocols/ec25519_fhmqvc/ec25519_fhmqvc.h
@@ -90,8 +90,8 @@ void fastd_protocol_ec25519_fhmqvc_handshake_handle(fastd_context_t *ctx, fastd_
void fastd_protocol_ec25519_fhmqvc_send_empty(fastd_context_t *ctx, fastd_peer_t *peer, protocol_session_t *session);
void fastd_protocol_ec25519_fhmqvc_generate_key(fastd_context_t *ctx);
-void fastd_protocol_ec25519_fhmqvc_show_key(fastd_context_t *ctx);
-void fastd_protocol_ec25519_fhmqvc_set_shell_env(fastd_context_t *ctx, const fastd_peer_t *peer);
+void fastd_protocol_ec25519_fhmqvc_show_key(void);
+void fastd_protocol_ec25519_fhmqvc_set_shell_env(const fastd_peer_t *peer);
bool fastd_protocol_ec25519_fhmqvc_describe_peer(const fastd_context_t *ctx UNUSED, const fastd_peer_t *peer, char *buf, size_t len);
diff --git a/src/protocols/ec25519_fhmqvc/handshake.c b/src/protocols/ec25519_fhmqvc/handshake.c
index ef601df..dda798b 100644
--- a/src/protocols/ec25519_fhmqvc/handshake.c
+++ b/src/protocols/ec25519_fhmqvc/handshake.c
@@ -149,7 +149,7 @@ static bool establish(fastd_context_t *ctx, fastd_peer_t *peer, const fastd_meth
return false;
}
- peer->establish_handshake_timeout = fastd_in_seconds(ctx, ctx->conf->min_handshake_interval);
+ peer->establish_handshake_timeout = fastd_in_seconds(ctx, conf.min_handshake_interval);
fastd_peer_seen(ctx, peer);
fastd_peer_set_established(ctx, peer);
@@ -173,7 +173,7 @@ static inline bool secure_handshake(const fastd_handshake_t *handshake) {
}
-static bool make_shared_handshake_key(fastd_context_t *ctx, const ecc_int256_t *handshake_key, bool initiator,
+static bool make_shared_handshake_key(const ecc_int256_t *handshake_key, bool initiator,
const aligned_int256_t *A, const aligned_int256_t *B,
const aligned_int256_t *X, const aligned_int256_t *Y,
aligned_int256_t *sigma,
@@ -206,14 +206,14 @@ static bool make_shared_handshake_key(fastd_context_t *ctx, const ecc_int256_t *
if (initiator) {
ecc_int256_t da;
- ecc_25519_gf_mult(&da, &d, &ctx->conf->protocol_config->key.secret);
+ ecc_25519_gf_mult(&da, &d, &conf.protocol_config->key.secret);
ecc_25519_gf_add(&s, &da, handshake_key);
ecc_25519_scalarmult(&work, &e, &work);
}
else {
ecc_int256_t eb;
- ecc_25519_gf_mult(&eb, &e, &ctx->conf->protocol_config->key.secret);
+ ecc_25519_gf_mult(&eb, &e, &conf.protocol_config->key.secret);
ecc_25519_gf_add(&s, &eb, handshake_key);
ecc_25519_scalarmult(&work, &d, &work);
@@ -236,17 +236,17 @@ static bool make_shared_handshake_key(fastd_context_t *ctx, const ecc_int256_t *
return true;
}
-static bool update_shared_handshake_key(fastd_context_t *ctx, const fastd_peer_t *peer, const handshake_key_t *handshake_key, const aligned_int256_t *peer_handshake_key) {
+static bool update_shared_handshake_key(const fastd_peer_t *peer, const handshake_key_t *handshake_key, const aligned_int256_t *peer_handshake_key) {
if (peer->protocol_state->last_handshake_serial == handshake_key->serial) {
if (memcmp(&peer->protocol_state->peer_handshake_key, peer_handshake_key, PUBLICKEYBYTES) == 0)
return true;
}
- bool compat = !ctx->conf->secure_handshakes;
+ bool compat = !conf.secure_handshakes;
- if (!make_shared_handshake_key(ctx, &handshake_key->key.secret, false,
+ if (!make_shared_handshake_key(&handshake_key->key.secret, false,
&peer->protocol_config->public_key,
- &ctx->conf->protocol_config->key.public,
+ &conf.protocol_config->key.public,
peer_handshake_key,
&handshake_key->key.public,
&peer->protocol_state->sigma,
@@ -273,20 +273,20 @@ static void respond_handshake(fastd_context_t *ctx, const fastd_socket_t *sock,
const handshake_key_t *handshake_key, const aligned_int256_t *peer_handshake_key, const fastd_handshake_t *handshake, const fastd_method_info_t *method) {
pr_debug(ctx, "responding handshake with %P[%I]...", peer, remote_addr);
- if (!update_shared_handshake_key(ctx, peer, handshake_key, peer_handshake_key))
+ if (!update_shared_handshake_key(peer, handshake_key, peer_handshake_key))
return;
fastd_buffer_t buffer = fastd_handshake_new_reply(ctx, handshake, method, true, 4*(4+PUBLICKEYBYTES) + 2*(4+HASHBYTES));
- fastd_handshake_add(ctx, &buffer, RECORD_SENDER_KEY, PUBLICKEYBYTES, &ctx->conf->protocol_config->key.public);
+ fastd_handshake_add(ctx, &buffer, RECORD_SENDER_KEY, PUBLICKEYBYTES, &conf.protocol_config->key.public);
fastd_handshake_add(ctx, &buffer, RECORD_RECEIPIENT_KEY, PUBLICKEYBYTES, &peer->protocol_config->public_key);
fastd_handshake_add(ctx, &buffer, RECORD_SENDER_HANDSHAKE_KEY, PUBLICKEYBYTES, &handshake_key->key.public);
fastd_handshake_add(ctx, &buffer, RECORD_RECEIPIENT_HANDSHAKE_KEY, PUBLICKEYBYTES, peer_handshake_key);
fastd_sha256_t hmacbuf;
- if (!ctx->conf->secure_handshakes) {
- fastd_hmacsha256_blocks(&hmacbuf, peer->protocol_state->shared_handshake_key_compat.w, ctx->conf->protocol_config->key.public.u32, handshake_key->key.public.u32, NULL);
+ if (!conf.secure_handshakes) {
+ fastd_hmacsha256_blocks(&hmacbuf, peer->protocol_state->shared_handshake_key_compat.w, conf.protocol_config->key.public.u32, handshake_key->key.public.u32, NULL);
fastd_handshake_add(ctx, &buffer, RECORD_T, HASHBYTES, hmacbuf.b);
}
@@ -305,8 +305,8 @@ static void finish_handshake(fastd_context_t *ctx, fastd_socket_t *sock, const f
aligned_int256_t sigma;
fastd_sha256_t shared_handshake_key, shared_handshake_key_compat;
- if (!make_shared_handshake_key(ctx, &handshake_key->key.secret, true,
- &ctx->conf->protocol_config->key.public,
+ if (!make_shared_handshake_key(&handshake_key->key.secret, true,
+ &conf.protocol_config->key.public,
&peer->protocol_config->public_key,
&handshake_key->key.public,
peer_handshake_key,
@@ -332,13 +332,13 @@ static void finish_handshake(fastd_context_t *ctx, fastd_socket_t *sock, const f
return;
}
- if (!establish(ctx, peer, method, sock, local_addr, remote_addr, true, &handshake_key->key.public, peer_handshake_key, &ctx->conf->protocol_config->key.public,
+ if (!establish(ctx, peer, method, sock, local_addr, remote_addr, true, &handshake_key->key.public, peer_handshake_key, &conf.protocol_config->key.public,
&peer->protocol_config->public_key, &sigma, compat ? NULL : shared_handshake_key.w, handshake_key->serial))
return;
fastd_buffer_t buffer = fastd_handshake_new_reply(ctx, handshake, method, false, 4*(4+PUBLICKEYBYTES) + 2*(4+HASHBYTES));
- fastd_handshake_add(ctx, &buffer, RECORD_SENDER_KEY, PUBLICKEYBYTES, &ctx->conf->protocol_config->key.public);
+ fastd_handshake_add(ctx, &buffer, RECORD_SENDER_KEY, PUBLICKEYBYTES, &conf.protocol_config->key.public);
fastd_handshake_add(ctx, &buffer, RECORD_RECEIPIENT_KEY, PUBLICKEYBYTES, &peer->protocol_config->public_key);
fastd_handshake_add(ctx, &buffer, RECORD_SENDER_HANDSHAKE_KEY, PUBLICKEYBYTES, &handshake_key->key.public);
fastd_handshake_add(ctx, &buffer, RECORD_RECEIPIENT_HANDSHAKE_KEY, PUBLICKEYBYTES, peer_handshake_key);
@@ -351,7 +351,7 @@ static void finish_handshake(fastd_context_t *ctx, fastd_socket_t *sock, const f
}
else {
fastd_sha256_t hmacbuf;
- fastd_hmacsha256_blocks(&hmacbuf, shared_handshake_key_compat.w, ctx->conf->protocol_config->key.public.u32, handshake_key->key.public.u32, NULL);
+ fastd_hmacsha256_blocks(&hmacbuf, shared_handshake_key_compat.w, conf.protocol_config->key.public.u32, handshake_key->key.public.u32, NULL);
fastd_handshake_add(ctx, &buffer, RECORD_T, HASHBYTES, hmacbuf.b);
}
@@ -365,7 +365,7 @@ static void handle_finish_handshake(fastd_context_t *ctx, fastd_socket_t *sock,
bool compat = !secure_handshake(handshake);
- if (!update_shared_handshake_key(ctx, peer, handshake_key, peer_handshake_key))
+ if (!update_shared_handshake_key(peer, handshake_key, peer_handshake_key))
return;
bool valid;
@@ -386,7 +386,7 @@ static void handle_finish_handshake(fastd_context_t *ctx, fastd_socket_t *sock,
}
establish(ctx, peer, method, sock, local_addr, remote_addr, false, peer_handshake_key, &handshake_key->key.public, &peer->protocol_config->public_key,
- &ctx->conf->protocol_config->key.public, &peer->protocol_state->sigma, compat ? NULL : peer->protocol_state->shared_handshake_key.w, handshake_key->serial);
+ &conf.protocol_config->key.public, &peer->protocol_state->sigma, compat ? NULL : peer->protocol_state->shared_handshake_key.w, handshake_key->serial);
clear_shared_handshake_key(ctx, peer);
}
@@ -441,11 +441,11 @@ static fastd_peer_t* match_sender_key(fastd_context_t *ctx, const fastd_socket_t
return find_sender_key(ctx, address, key);
}
-static size_t key_count(fastd_context_t *ctx, const unsigned char key[32]) {
+static size_t key_count(const unsigned char key[32]) {
size_t ret = 0;
fastd_peer_config_t *p;
- for (p = ctx->conf->peers; p; p = p->next) {
+ for (p = conf.peers; p; p = p->next) {
if (!p->protocol_config)
continue;
@@ -460,10 +460,10 @@ bool fastd_protocol_ec25519_fhmqvc_peer_check(fastd_context_t *ctx, fastd_peer_c
if (!peer_conf->protocol_config)
return false;
- if (memcmp(&peer_conf->protocol_config->public_key, &ctx->conf->protocol_config->key.public, 32) == 0)
+ if (memcmp(&peer_conf->protocol_config->public_key, &conf.protocol_config->key.public, 32) == 0)
return false;
- if (key_count(ctx, peer_conf->protocol_config->public_key.u8) > 1) {
+ if (key_count(peer_conf->protocol_config->public_key.u8) > 1) {
char buf[65];
hexdump(buf, peer_conf->protocol_config->public_key.u8);
pr_warn(ctx, "more than one peer is configured with key %s, disabling %s", buf, peer_conf->name);
@@ -474,7 +474,7 @@ bool fastd_protocol_ec25519_fhmqvc_peer_check(fastd_context_t *ctx, fastd_peer_c
}
bool fastd_protocol_ec25519_fhmqvc_peer_check_temporary(fastd_context_t *ctx, fastd_peer_t *peer) {
- if (key_count(ctx, peer->protocol_config->public_key.u8)) {
+ if (key_count(peer->protocol_config->public_key.u8)) {
char buf[65];
hexdump(buf, peer->protocol_config->public_key.u8);
pr_info(ctx, "key %s is configured now, deleting temporary peer.", buf);
@@ -484,17 +484,17 @@ bool fastd_protocol_ec25519_fhmqvc_peer_check_temporary(fastd_context_t *ctx, fa
return true;
}
-static inline bool allow_unknown(fastd_context_t *ctx) {
- return fastd_shell_command_isset(&ctx->conf->on_verify);
+static inline bool allow_unknown(void) {
+ return fastd_shell_command_isset(&conf.on_verify);
}
static inline fastd_peer_t* add_temporary(fastd_context_t *ctx, const fastd_peer_address_t *addr, const unsigned char key[32]) {
- if (!allow_unknown(ctx)) {
+ if (!allow_unknown()) {
pr_debug(ctx, "ignoring handshake from %I (unknown key)", addr);
return NULL;
}
- if (key_count(ctx, key)) {
+ if (key_count(key)) {
pr_debug(ctx, "ignoring handshake from %I (disabled key)", addr);
return NULL;
}
@@ -516,7 +516,7 @@ void fastd_protocol_ec25519_fhmqvc_handshake_init(fastd_context_t *ctx, const fa
fastd_buffer_t buffer = fastd_handshake_new_init(ctx, 3*(4+PUBLICKEYBYTES) /* sender key, receipient key, handshake key */);
- fastd_handshake_add(ctx, &buffer, RECORD_SENDER_KEY, PUBLICKEYBYTES, &ctx->conf->protocol_config->key.public);
+ fastd_handshake_add(ctx, &buffer, RECORD_SENDER_KEY, PUBLICKEYBYTES, &conf.protocol_config->key.public);
if (peer)
fastd_handshake_add(ctx, &buffer, RECORD_RECEIPIENT_KEY, PUBLICKEYBYTES, &peer->protocol_config->public_key);
@@ -526,7 +526,7 @@ void fastd_protocol_ec25519_fhmqvc_handshake_init(fastd_context_t *ctx, const fa
fastd_handshake_add(ctx, &buffer, RECORD_SENDER_HANDSHAKE_KEY, PUBLICKEYBYTES, &ctx->protocol_state->handshake_key.key.public);
if (!peer || !fastd_peer_is_established(peer))
- fastd_shell_command_exec(ctx, &ctx->conf->on_connect, peer, (local_addr && local_addr->sa.sa_family) ? local_addr : sock->bound_addr, remote_addr);
+ fastd_shell_command_exec(ctx, &conf.on_connect, peer, (local_addr && local_addr->sa.sa_family) ? local_addr : sock->bound_addr, remote_addr);
fastd_send_handshake(ctx, sock, local_addr, remote_addr, peer, buffer);
}
@@ -576,7 +576,7 @@ void fastd_protocol_ec25519_fhmqvc_handshake_handle(fastd_context_t *ctx, fastd_
}
if (has_field(handshake, RECORD_RECEIPIENT_KEY, PUBLICKEYBYTES)) {
- if (memcmp(&ctx->conf->protocol_config->key.public, handshake->records[RECORD_RECEIPIENT_KEY].data, PUBLICKEYBYTES) != 0) {
+ if (memcmp(&conf.protocol_config->key.public, handshake->records[RECORD_RECEIPIENT_KEY].data, PUBLICKEYBYTES) != 0) {
pr_debug(ctx, "received protocol handshake with wrong receipient key from %P[%I]", peer, remote_addr);
return;
}
@@ -599,7 +599,7 @@ void fastd_protocol_ec25519_fhmqvc_handshake_handle(fastd_context_t *ctx, fastd_
pr_verbose(ctx, "received handshake from %P[%I]%s%s", peer, remote_addr, handshake->peer_version ? " using fastd " : "", handshake->peer_version ?: "");
- peer->last_handshake_response_timeout = fastd_in_seconds(ctx, ctx->conf->min_handshake_interval);
+ peer->last_handshake_response_timeout = fastd_in_seconds(ctx, conf.min_handshake_interval);
peer->last_handshake_response_address = *remote_addr;
respond_handshake(ctx, sock, local_addr, remote_addr, peer, &ctx->protocol_state->handshake_key, &peer_handshake_key, handshake, method);
return;
@@ -616,7 +616,7 @@ void fastd_protocol_ec25519_fhmqvc_handshake_handle(fastd_context_t *ctx, fastd_
}
if (!secure_handshake(handshake)) {
- if (ctx->conf->secure_handshakes || !has_field(handshake, RECORD_T, HASHBYTES)) {
+ if (conf.secure_handshakes || !has_field(handshake, RECORD_T, HASHBYTES)) {
pr_debug(ctx, "received handshake reply without HMAC from %P[%I]", peer, remote_addr);
return;
}
diff --git a/src/protocols/ec25519_fhmqvc/util.c b/src/protocols/ec25519_fhmqvc/util.c
index 3e1bafd..a72ebbf 100644
--- a/src/protocols/ec25519_fhmqvc/util.c
+++ b/src/protocols/ec25519_fhmqvc/util.c
@@ -38,7 +38,7 @@ void fastd_protocol_ec25519_fhmqvc_generate_key(fastd_context_t *ctx) {
ecc_int256_t secret_key;
ecc_int256_t public_key;
- if (!ctx->conf->machine_readable)
+ if (!conf.machine_readable)
pr_info(ctx, "Reading 32 bytes from /dev/random...");
fastd_random_bytes(ctx, secret_key.p, 32, true);
@@ -48,7 +48,7 @@ void fastd_protocol_ec25519_fhmqvc_generate_key(fastd_context_t *ctx) {
ecc_25519_scalarmult_base(&work, &secret_key);
ecc_25519_store_packed(&public_key, &work);
- if (ctx->conf->machine_readable) {
+ if (conf.machine_readable) {
print_hexdump("", secret_key.p);
}
else {
@@ -57,17 +57,17 @@ void fastd_protocol_ec25519_fhmqvc_generate_key(fastd_context_t *ctx) {
}
}
-void fastd_protocol_ec25519_fhmqvc_show_key(fastd_context_t *ctx) {
- if (ctx->conf->machine_readable)
- print_hexdump("", ctx->conf->protocol_config->key.public.u8);
+void fastd_protocol_ec25519_fhmqvc_show_key(void) {
+ if (conf.machine_readable)
+ print_hexdump("", conf.protocol_config->key.public.u8);
else
- print_hexdump("Public: ", ctx->conf->protocol_config->key.public.u8);
+ print_hexdump("Public: ", conf.protocol_config->key.public.u8);
}
-void fastd_protocol_ec25519_fhmqvc_set_shell_env(fastd_context_t *ctx, const fastd_peer_t *peer) {
+void fastd_protocol_ec25519_fhmqvc_set_shell_env(const fastd_peer_t *peer) {
char buf[65];
- hexdump(buf, ctx->conf->protocol_config->key.public.u8);
+ hexdump(buf, conf.protocol_config->key.public.u8);
setenv("LOCAL_KEY", buf, 1);
if (peer && peer->protocol_config) {
diff --git a/src/receive.c b/src/receive.c
index 32a1c39..49f05fe 100644
--- a/src/receive.c
+++ b/src/receive.c
@@ -99,7 +99,7 @@ static bool backoff_unknown(fastd_context_t *ctx, const fastd_peer_address_t *ad
fastd_handshake_timeout_t *t = &ctx->unknown_handshakes[ctx->unknown_handshake_pos];
t->address = *addr;
- t->timeout = fastd_in_seconds(ctx, ctx->conf->min_handshake_interval);
+ t->timeout = fastd_in_seconds(ctx, conf.min_handshake_interval);
return false;
}
@@ -119,11 +119,11 @@ static inline void handle_socket_receive_known(fastd_context_t *ctx, fastd_socke
fastd_buffer_free(buffer);
if (!backoff_unknown(ctx, remote_addr))
- ctx->conf->protocol->handshake_init(ctx, sock, local_addr, remote_addr, NULL);
+ conf.protocol->handshake_init(ctx, sock, local_addr, remote_addr, NULL);
return;
}
- ctx->conf->protocol->handle_recv(ctx, peer, buffer);
+ conf.protocol->handle_recv(ctx, peer, buffer);
break;
case PACKET_HANDSHAKE:
@@ -131,8 +131,8 @@ static inline void handle_socket_receive_known(fastd_context_t *ctx, fastd_socke
}
}
-static inline bool allow_unknown_peers(fastd_context_t *ctx) {
- return ctx->conf->has_floating || fastd_shell_command_isset(&ctx->conf->on_verify);
+static inline bool allow_unknown_peers(void) {
+ return conf.has_floating || fastd_shell_command_isset(&conf.on_verify);
}
static inline void handle_socket_receive_unknown(fastd_context_t *ctx, fastd_socket_t *sock, const fastd_peer_address_t *local_addr, const fastd_peer_address_t *remote_addr, fastd_buffer_t buffer) {
@@ -144,7 +144,7 @@ static inline void handle_socket_receive_unknown(fastd_context_t *ctx, fastd_soc
fastd_buffer_free(buffer);
if (!backoff_unknown(ctx, remote_addr))
- ctx->conf->protocol->handshake_init(ctx, sock, local_addr, remote_addr, NULL);
+ conf.protocol->handshake_init(ctx, sock, local_addr, remote_addr, NULL);
break;
case PACKET_HANDSHAKE:
@@ -170,7 +170,7 @@ static inline void handle_socket_receive(fastd_context_t *ctx, fastd_socket_t *s
if (peer) {
handle_socket_receive_known(ctx, sock, local_addr, remote_addr, peer, buffer);
}
- else if (allow_unknown_peers(ctx)) {
+ else if (allow_unknown_peers()) {
handle_socket_receive_unknown(ctx, sock, local_addr, remote_addr, buffer);
}
else {
@@ -181,7 +181,7 @@ static inline void handle_socket_receive(fastd_context_t *ctx, fastd_socket_t *s
void fastd_receive(fastd_context_t *ctx, fastd_socket_t *sock) {
size_t max_len = fastd_max_outer_packet(ctx);
- fastd_buffer_t buffer = fastd_buffer_alloc(ctx, max_len, ctx->conf->min_decrypt_head_space, ctx->conf->min_decrypt_tail_space);
+ fastd_buffer_t buffer = fastd_buffer_alloc(ctx, max_len, conf.min_decrypt_head_space, conf.min_decrypt_tail_space);
fastd_peer_address_t local_addr;
fastd_peer_address_t recvaddr;
struct iovec buffer_vec = { .iov_base = buffer.data, .iov_len = buffer.len };
diff --git a/src/resolve.c b/src/resolve.c
index ead1985..c67fd53 100644
--- a/src/resolve.c
+++ b/src/resolve.c
@@ -121,7 +121,7 @@ void fastd_resolve_peer(fastd_context_t *ctx, fastd_peer_t *peer, fastd_remote_t
pr_verbose(ctx, "resolving host `%s' for peer %P...", remote->config->hostname, peer);
fastd_remote_ref(remote);
- remote->last_resolve_timeout = fastd_in_seconds(ctx, ctx->conf->min_resolve_interval);
+ remote->last_resolve_timeout = fastd_in_seconds(ctx, conf.min_resolve_interval);
remote->resolving = true;
resolv_arg_t *arg = malloc(sizeof(resolv_arg_t));
diff --git a/src/send.c b/src/send.c
index 3e18483..025eff9 100644
--- a/src/send.c
+++ b/src/send.c
@@ -185,11 +185,11 @@ void fastd_send_all(fastd_context_t *ctx, fastd_peer_t *source_peer, fastd_buffe
/* optimization, primarily for TUN mode: don't duplicate the buffer for the last (or only) peer */
if (i == VECTOR_LEN(ctx->peers)-1) {
- ctx->conf->protocol->send(ctx, dest_peer, buffer);
+ conf.protocol->send(ctx, dest_peer, buffer);
return;
}
- ctx->conf->protocol->send(ctx, dest_peer, fastd_buffer_dup(ctx, buffer, ctx->conf->min_encrypt_head_space, ctx->conf->min_encrypt_tail_space));
+ conf.protocol->send(ctx, dest_peer, fastd_buffer_dup(ctx, buffer, conf.min_encrypt_head_space, conf.min_encrypt_tail_space));
}
fastd_buffer_free(buffer);
diff --git a/src/shell.c b/src/shell.c
index 23381e0..786dd2a 100644
--- a/src/shell.c
+++ b/src/shell.c
@@ -42,10 +42,10 @@ static void shell_command_setenv(fastd_context_t *ctx, pid_t pid, const fastd_pe
if (ctx->ifname) {
setenv("INTERFACE", ctx->ifname, 1);
}
- else if (ctx->conf->ifname) {
+ else if (conf.ifname) {
char ifname[IF_NAMESIZE];
- strncpy(ifname, ctx->conf->ifname, sizeof(ifname)-1);
+ strncpy(ifname, conf.ifname, sizeof(ifname)-1);
ifname[sizeof(ifname)-1] = 0;
setenv("INTERFACE", ifname, 1);
@@ -54,7 +54,7 @@ static void shell_command_setenv(fastd_context_t *ctx, pid_t pid, const fastd_pe
unsetenv("INTERFACE");
}
- snprintf(buf, sizeof(buf), "%u", ctx->conf->mtu);
+ snprintf(buf, sizeof(buf), "%u", conf.mtu);
setenv("INTERFACE_MTU", buf, 1);
if (peer && peer->config && peer->config->name)
@@ -122,7 +122,7 @@ static void shell_command_setenv(fastd_context_t *ctx, pid_t pid, const fastd_pe
unsetenv("PEER_PORT");
}
- ctx->conf->protocol->set_shell_env(ctx, peer);
+ conf.protocol->set_shell_env(peer);
}
static bool shell_command_do_exec(fastd_context_t *ctx, const fastd_shell_command_t *command, const fastd_peer_t *peer, const fastd_peer_address_t *local_addr, const fastd_peer_address_t *peer_addr, pid_t *pid_ret) {
diff --git a/src/socket.c b/src/socket.c
index a1e0d02..70ff17a 100644
--- a/src/socket.c
+++ b/src/socket.c
@@ -93,8 +93,8 @@ static int bind_socket(fastd_context_t *ctx, const fastd_bind_address_t *addr, b
#endif
#ifdef USE_PMTU
- if (ctx->conf->pmtu.set) {
- int pmtu = ctx->conf->pmtu.state ? IP_PMTUDISC_DO : IP_PMTUDISC_DONT;
+ if (conf.pmtu.set) {
+ int pmtu = conf.pmtu.state ? IP_PMTUDISC_DO : IP_PMTUDISC_DONT;
if (setsockopt(fd, IPPROTO_IP, IP_MTU_DISCOVER, &pmtu, sizeof(pmtu))) {
pr_error_errno(ctx, "setsockopt: unable to set PMTU discovery");
goto error;
@@ -103,8 +103,8 @@ static int bind_socket(fastd_context_t *ctx, const fastd_bind_address_t *addr, b
#endif
#ifdef USE_PACKET_MARK
- if (ctx->conf->packet_mark) {
- if (setsockopt(fd, SOL_SOCKET, SO_MARK, &ctx->conf->packet_mark, sizeof(ctx->conf->packet_mark))) {
+ if (conf.packet_mark) {
+ if (setsockopt(fd, SOL_SOCKET, SO_MARK, &conf.packet_mark, sizeof(conf.packet_mark))) {
pr_error_errno(ctx, "setsockopt: unable to set packet mark");
goto error;
}
diff --git a/src/tuntap.c b/src/tuntap.c
index fd81c2a..0fc17a3 100644
--- a/src/tuntap.c
+++ b/src/tuntap.c
@@ -64,10 +64,10 @@ void fastd_tuntap_open(fastd_context_t *ctx) {
if ((ctx->tunfd = open("/dev/net/tun", O_RDWR|O_CLOEXEC|O_NONBLOCK)) < 0)
exit_errno(ctx, "could not open tun/tap device file");
- if (ctx->conf->ifname)
- strncpy(ifr.ifr_name, ctx->conf->ifname, IFNAMSIZ-1);
+ if (conf.ifname)
+ strncpy(ifr.ifr_name, conf.ifname, IFNAMSIZ-1);
- switch (ctx->conf->mode) {
+ switch (conf.mode) {
case MODE_TAP:
ifr.ifr_flags = IFF_TAP;
break;
@@ -93,8 +93,8 @@ void fastd_tuntap_open(fastd_context_t *ctx) {
if (ioctl(ctl_sock, SIOCGIFMTU, &ifr) < 0)
exit_errno(ctx, "SIOCGIFMTU ioctl failed");
- if (ifr.ifr_mtu != ctx->conf->mtu) {
- ifr.ifr_mtu = ctx->conf->mtu;
+ if (ifr.ifr_mtu != conf.mtu) {
+ ifr.ifr_mtu = conf.mtu;
if (ioctl(ctl_sock, SIOCSIFMTU, &ifr) < 0)
exit_errno(ctx, "SIOCSIFMTU ioctl failed");
}
@@ -115,7 +115,7 @@ static void set_tun_mtu(fastd_context_t *ctx) {
if (ioctl(ctx->tunfd, TUNGIFINFO, &tuninfo) < 0)
exit_errno(ctx, "TUNGIFINFO ioctl failed");
- tuninfo.mtu = ctx->conf->mtu;
+ tuninfo.mtu = conf.mtu;
if (ioctl(ctx->tunfd, TUNSIFINFO, &tuninfo) < 0)
exit_errno(ctx, "TUNSIFINFO ioctl failed");
@@ -130,7 +130,7 @@ static void set_tap_mtu(fastd_context_t *ctx) {
if (ioctl(ctx->tunfd, TAPGIFINFO, &tapinfo) < 0)
exit_errno(ctx, "TAPGIFINFO ioctl failed");
- tapinfo.mtu = ctx->conf->mtu;
+ tapinfo.mtu = conf.mtu;
if (ioctl(ctx->tunfd, TAPSIFINFO, &tapinfo) < 0)
exit_errno(ctx, "TAPSIFINFO ioctl failed");
@@ -162,7 +162,7 @@ void fastd_tuntap_open(fastd_context_t *ctx) {
char ifname[5+IFNAMSIZ] = "/dev/";
const char *type;
- switch (ctx->conf->mode) {
+ switch (conf.mode) {
case MODE_TAP:
type = "tap";
break;
@@ -175,11 +175,11 @@ void fastd_tuntap_open(fastd_context_t *ctx) {
exit_bug(ctx, "invalid mode");
}
- if (ctx->conf->ifname) {
- if (strncmp(ctx->conf->ifname, type, 3) != 0)
- exit_error(ctx, "`%s' doesn't seem to be a %s device", ctx->conf->ifname, type);
+ if (conf.ifname) {
+ if (strncmp(conf.ifname, type, 3) != 0)
+ exit_error(ctx, "`%s' doesn't seem to be a %s device", conf.ifname, type);
- strncat(ifname, ctx->conf->ifname, IFNAMSIZ-1);
+ strncat(ifname, conf.ifname, IFNAMSIZ-1);
}
else {
strncat(ifname, type, IFNAMSIZ-1);
@@ -191,7 +191,7 @@ void fastd_tuntap_open(fastd_context_t *ctx) {
if (!(ctx->ifname = fdevname_r(ctx->tunfd, malloc(IFNAMSIZ), IFNAMSIZ)))
exit_errno(ctx, "could not get tun/tap interface name");
- switch (ctx->conf->mode) {
+ switch (conf.mode) {
case MODE_TAP:
setup_tap(ctx);
break;
@@ -246,21 +246,21 @@ static void setup_tap(fastd_context_t *ctx) {
void fastd_tuntap_open(fastd_context_t *ctx) {
char ifname[5+IFNAMSIZ] = "/dev/";
- if (!ctx->conf->ifname)
+ if (!conf.ifname)
exit_error(ctx, "config error: no interface name given.");
- else if (strncmp(ctx->conf->ifname, "tun", 3) != 0)
- exit_error(ctx, "config error: `%s' doesn't seem to be a tun device", ctx->conf->ifname);
+ else if (strncmp(conf.ifname, "tun", 3) != 0)
+ exit_error(ctx, "config error: `%s' doesn't seem to be a tun device", conf.ifname);
else
- strncat(ifname, ctx->conf->ifname, IFNAMSIZ-1);
+ strncat(ifname, conf.ifname, IFNAMSIZ-1);
pr_debug(ctx, "initializing tun device...");
if ((ctx->tunfd = open(ifname, O_RDWR|O_CLOEXEC|O_NONBLOCK)) < 0)
exit_errno(ctx, "could not open tun device file");
- ctx->ifname = strndup(ctx->conf->ifname, IFNAMSIZ-1);
+ ctx->ifname = strndup(conf.ifname, IFNAMSIZ-1);
- switch (ctx->conf->mode) {
+ switch (conf.mode) {
case MODE_TAP:
setup_tap(ctx);
break;
@@ -291,10 +291,10 @@ fastd_buffer_t fastd_tuntap_read(fastd_context_t *ctx) {
size_t max_len = fastd_max_inner_packet(ctx);
fastd_buffer_t buffer;
- if (multiaf_tun && ctx->conf->mode == MODE_TUN)
- buffer = fastd_buffer_alloc(ctx, max_len+4, ctx->conf->min_encrypt_head_space+12, ctx->conf->min_encrypt_tail_space);
+ if (multiaf_tun && conf.mode == MODE_TUN)
+ buffer = fastd_buffer_alloc(ctx, max_len+4, conf.min_encrypt_head_space+12, conf.min_encrypt_tail_space);
else
- buffer = fastd_buffer_alloc(ctx, max_len, ctx->conf->min_encrypt_head_space, ctx->conf->min_encrypt_tail_space);
+ buffer = fastd_buffer_alloc(ctx, max_len, conf.min_encrypt_head_space, conf.min_encrypt_tail_space);
ssize_t len = read(ctx->tunfd, buffer.data, max_len);
if (len < 0) {
@@ -308,14 +308,14 @@ fastd_buffer_t fastd_tuntap_read(fastd_context_t *ctx) {
buffer.len = len;
- if (multiaf_tun && ctx->conf->mode == MODE_TUN)
+ if (multiaf_tun && conf.mode == MODE_TUN)
fastd_buffer_push_head(ctx, &buffer, 4);
return buffer;
}
void fastd_tuntap_write(fastd_context_t *ctx, fastd_buffer_t buffer) {
- if (multiaf_tun && ctx->conf->mode == MODE_TUN) {
+ if (multiaf_tun && conf.mode == MODE_TUN) {
uint8_t version = *((uint8_t*)buffer.data) >> 4;
uint32_t af;