-
Notifications
You must be signed in to change notification settings - Fork 2
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
Initial commit of lwipovpn. See README.md for details about lwipovpn
- Loading branch information
Showing
12 changed files
with
1,718 additions
and
0 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,37 @@ | ||
name: CI | ||
|
||
on: | ||
push: | ||
pull_request: | ||
|
||
jobs: | ||
build: | ||
strategy: | ||
matrix: | ||
os: [ ubuntu-20.04, ubuntu-22.04, ubuntu-24.04 ] | ||
compiler: [clang, gcc] | ||
installdeps: ['sudo apt install -y ninja-build cmake'] | ||
include: | ||
- os: macos-latest | ||
installdeps: 'brew install cmake' | ||
compiler: clang | ||
runs-on: ${{matrix.os}} | ||
name: "${{matrix.os}} - ${{matrix.compiler}}" | ||
|
||
env: | ||
CC: ${{ matrix.compiler }} | ||
LSAN_OPTIONS: verbosity=1:log_threads=1 | ||
|
||
steps: | ||
- uses: actions/checkout@v4 | ||
with: | ||
submodules: recursive | ||
|
||
- name: Install deps | ||
run: ${{matrix.installdeps }} | ||
|
||
- name: Run cmake | ||
run: cmake -B lwipovpn-build | ||
|
||
- name: Build with cmake | ||
run: cmake --build lwipovpn-build |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1 @@ | ||
cmake-build-* |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,76 @@ | ||
cmake_minimum_required(VERSION 3.14) | ||
|
||
include(CheckSymbolExists) | ||
|
||
set (CMAKE_CONFIGURATION_TYPES "Debug;Release;ASAN") | ||
|
||
# AddressSanitize - use CXX=clang++ CC=clang cmake -DCMAKE_BUILD_TYPE=asan to build with ASAN | ||
set(CMAKE_C_FLAGS_ASAN | ||
"-fsanitize=address,undefined -fno-sanitize-recover=all -fno-optimize-sibling-calls -fsanitize-address-use-after-scope -fno-omit-frame-pointer -g -O1" | ||
CACHE STRING "Flags used by the C compiler during AddressSanitizer builds." | ||
FORCE) | ||
set(CMAKE_CXX_FLAGS_ASAN | ||
"-fsanitize=address,undefined -fno-sanitize-recover=all -fno-optimize-sibling-calls -fsanitize-address-use-after-scope -fno-omit-frame-pointer -g -O1" | ||
CACHE STRING "Flags used by the C++ compiler during AddressSanitizer builds." | ||
FORCE) | ||
|
||
project(lwipovpn) | ||
|
||
set(CMAKE_C_STANDARD 11) | ||
set(CMAKE_C_STANDARD_REQUIRED TRUE) | ||
|
||
set(LWIP_DIR ${CMAKE_CURRENT_SOURCE_DIR}/lwip) | ||
set(LWIP_CONTRIB_DIR ${LWIP_DIR}/contrib/) | ||
|
||
set (LWIP_INCLUDE_DIRS | ||
"${LWIP_DIR}/src/include" | ||
"${LWIP_DIR}/contrib" | ||
"${LWIP_DIR}/contrib/ports/unix/port/include" | ||
"${CMAKE_CURRENT_SOURCE_DIR}/conf" | ||
) | ||
|
||
include(${LWIP_DIR}/src/Filelists.cmake) | ||
include(${LWIP_DIR}/contrib/Filelists.cmake) | ||
include(${LWIP_DIR}/contrib/ports/unix/Filelists.cmake) | ||
include(${LWIP_DIR}/contrib/ports/CMakeCommon.cmake) | ||
|
||
set (LWIP_DEFINITIONS LWIP_DEBUG=1) | ||
|
||
set(LWIP_OVPN_INCLUDE_DIRS | ||
"${CMAKE_CURRENT_SOURCE_DIR}/app" | ||
"${CMAKE_CURRENT_SOURCE_DIR}/netif" | ||
) | ||
|
||
set(THREADS_PREFER_PTHREAD_FLAG ON) | ||
find_package(Threads REQUIRED) | ||
|
||
# Have a warning about missing FreeBSD support until the PR get merged and we update our submodule | ||
if (${CMAKE_SYSTEM_NAME} STREQUAL "FreeBSD") | ||
message(INFO "Note for FreeBSD support manually apply/checkout https://github.com/lwip-tcpip/lwip/pull/46 to the lwip submodule") | ||
endif() | ||
|
||
|
||
add_executable(lwipovpn | ||
app/unixaf_app.c | ||
netif/unixaf.c | ||
netif/unixaf.h | ||
netif/unixaf_host.c | ||
netif/unixaf_host.h | ||
) | ||
|
||
# C doesn't seem to have a good easy to use random function. Use arc4random if available otherwise rand | ||
check_symbol_exists(arc4random stdlib.h HAVE_ARC4RANDOM) | ||
|
||
# we do not care about C90 compatibility in lwipovpn since OpenVPN itself requires C11 | ||
set(LWIP_COMPILER_FLAGS_OVPN ${LWIP_COMPILER_FLAGS}) | ||
LIST(REMOVE_ITEM LWIP_COMPILER_FLAGS_OVPN $<$<COMPILE_LANGUAGE:C>:-Wc90-c99-compat>) | ||
LIST(REMOVE_ITEM LWIP_COMPILER_FLAGS_OVPN -Waggregate-return) | ||
|
||
target_include_directories(lwipovpn PRIVATE ${LWIP_INCLUDE_DIRS} ${LWIP_OVPN_INCLUDE_DIRS}) | ||
target_compile_options(lwipovpn PRIVATE ${LWIP_COMPILER_FLAGS_OVPN}) | ||
target_compile_definitions(lwipovpn PRIVATE ${LWIP_DEFINITIONS} ${LWIP_MBEDTLS_DEFINITIONS}) | ||
if (NOT "${HAVE_ARC4RANDOM}") | ||
target_compile_definitions(lwipovpn PRIVATE -DARC4RANDOM_MISSING) | ||
endif() | ||
target_link_libraries(lwipovpn PRIVATE ${LWIP_SANITIZER_LIBS} lwipcontribexamples lwipcontribapps lwipcontribaddons lwipallapps lwipcontribportunix lwipcore lwipmbedtls) | ||
target_link_libraries(lwipovpn PRIVATE Threads::Threads) |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,26 @@ | ||
Copyright (c) 2001, 2002 Swedish Institute of Computer Science. | ||
Copyright (c) 2024 Arne Schwabe | ||
All rights reserved. | ||
|
||
Redistribution and use in source and binary forms, with or without modification, | ||
are permitted provided that the following conditions are met: | ||
|
||
1. Redistributions of source code must retain the above copyright notice, | ||
this list of conditions and the following disclaimer. | ||
2. Redistributions in binary form must reproduce the above copyright notice, | ||
this list of conditions and the following disclaimer in the documentation | ||
and/or other materials provided with the distribution. | ||
3. The name of the author may not be used to endorse or promote products | ||
derived from this software without specific prior written permission. | ||
|
||
THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR IMPLIED | ||
WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF | ||
MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT | ||
SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, | ||
EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT | ||
OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS | ||
INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN | ||
CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING | ||
IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY | ||
OF SUCH DAMAGE. | ||
|
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,80 @@ | ||
OpenVPN lwipovpn tun/tap emulator | ||
================================= | ||
Overview | ||
-------- | ||
This is a small helper tool based on [lwIP - A Lightweight TCP/IP stack](https://savannah.nongnu.org/projects/lwip/) | ||
to emulate a tun/tap device in userspace without having an effect on the system that the lwip is running on. | ||
|
||
This allows: | ||
|
||
- testing a VPN connection without root | ||
- pinging the connected client | ||
- running tests against the client and the lwip stack | ||
- using lwip example applications | ||
- lwip http server | ||
- lwip iperf server | ||
- ... | ||
- better automated testing | ||
|
||
Features | ||
-------- | ||
- IPv4 Support | ||
- IPv6 Support | ||
- automatic configuration of IPv4 and IPv6 addresses | ||
- tap or tun emulation | ||
|
||
|
||
Enabled apps | ||
------------ | ||
lwip comes a number of demo/default apps. lwipovpn has enabled most of them to be helpful in testing. Further apps | ||
can be enabled/implemented to allow even more testing. | ||
|
||
- netio (https://www.nwlab.net/art/netio/netio.html) | ||
- iperf 2 (https://iperf.fr/) | ||
- http server | ||
- shell (a simple shell that can be used with telnet to make some network diagnostics) | ||
- tcp echo (port 7) | ||
- udp echo (port 7) | ||
- | ||
|
||
Limitations | ||
----------- | ||
- Data through is limited. Iperf performance is at 20 MBit/s. This is not a problem for the indented purpose of | ||
this tool which is for testing. | ||
- Windows port is currently missing. It should be possible to use pipes instead of a socketpair with | ||
AF_UNIX/SOCK_DGRAM to support Windows. This might also require adding a length header to ensure that always | ||
full packets are read/written. | ||
- LWIP does not have a netmask for IPv6 addresses. Addresses are always assumed to be /64 | ||
- Routes are ignored and lwipovpn assumes everything to be reachable via OpenVPN | ||
|
||
Building | ||
-------- | ||
This project uses the CMake build system. | ||
|
||
cmake -B lwipovpnbuild -S lwipovpn | ||
cmake --build lwipovpnbuild | ||
|
||
This should result in a `lwipovpnbuild/lwipovpn` binary that can be used with OpenVPN master and | ||
OpenVPN 2.7.x like this: | ||
|
||
openvpn --config client.ovpn --dev-node unix:lwipovpnbuild/lwipovpn | ||
|
||
Implementation | ||
-------------- | ||
The OpenVPN process will call `(socketpair(AF_UNIX, SOCK_DGRAM, 0, fds)` for connection between OpenVPN and lwipovpn | ||
and execute ovpnlwip and pass the second fd to the process. The rest of the configuration is passed as environment | ||
variables. | ||
- TUNTAP_SOCKET_FD: the fd number of the AF_UNIX socket | ||
- TUN_UNIXAF_PATH: alternative to TUNTAP_SOCKET_FD containing a unix domain socket file path. | ||
- TUNTAP_DEV_TYPE: the type of device to emulate: tap or tun | ||
- TUNTAP_MTU: MTU of the emulated devices | ||
- ifconfig_gateway: Gateway address. Derived from route-gateway in OpenVPN | ||
- ifconfig_local, ifconfig_netmask, ifconfig_netmask, ifconfig_ipv6_local, ifconfig_ipv6_netbits as described in the | ||
openvpn manual page. | ||
|
||
Both the OpenVPN --dev-node unix: and the lwipovpn can be used for other purposes but especially lwipovpn is currently | ||
very OpenVPN specific as it uses the OpenVPN environment variables names. | ||
|
||
License | ||
------- | ||
This tool is under the same (3-Clause BSD License)[COPYING] as lwIP itself. |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,65 @@ | ||
/** | ||
* Additional settings for the afunix app. | ||
* Copy this to lwipcfg.h and make the config changes you need. | ||
*/ | ||
|
||
/* configuration for this port, not used */ | ||
#define PPP_USERNAME "Admin" | ||
#define PPP_PASSWORD "pass" | ||
|
||
|
||
|
||
/* remember to change this MAC address to suit your needs! | ||
the last octet will be increased by netif->num for each netif */ | ||
#define LWIP_MAC_ADDR_BASE {0x00,0x01,0x02,0x03,0x04,0x05} | ||
|
||
/* #define USE_SLIPIF 0 */ | ||
/* #define SIO_USE_COMPORT 0 */ | ||
#ifdef USE_SLIPIF | ||
#if USE_SLIPIF | ||
#define LWIP_PORT_INIT_SLIP1_IPADDR(addr) IP4_ADDR((addr), 192, 168, 2, 2) | ||
#define LWIP_PORT_INIT_SLIP1_GW(addr) IP4_ADDR((addr), 192, 168, 2, 1) | ||
#define LWIP_PORT_INIT_SLIP1_NETMASK(addr) IP4_ADDR((addr), 255, 255, 255, 0) | ||
#if USE_SLIPIF > 1 | ||
#define LWIP_PORT_INIT_SLIP2_IPADDR(addr) IP4_ADDR((addr), 192, 168, 2, 1) | ||
#define LWIP_PORT_INIT_SLIP2_GW(addr) IP4_ADDR((addr), 0, 0, 0, 0) | ||
#define LWIP_PORT_INIT_SLIP2_NETMASK(addr) IP4_ADDR((addr), 255, 255, 255, 0)*/ | ||
#endif /* USE_SLIPIF > 1 */ | ||
#endif /* USE_SLIPIF */ | ||
#endif /* USE_SLIPIF */ | ||
|
||
/* configuration for applications */ | ||
|
||
#define LWIP_CHARGEN_APP 0 | ||
#define LWIP_DNS_APP 0 | ||
#define LWIP_HTTPD_APP 1 | ||
/* Set this to 1 to use the netconn http server, | ||
* otherwise the raw api server will be used. */ | ||
#define LWIP_HTTPD_APP_NETCONN 0 | ||
#define LWIP_HTTPD_EXAMPLE_CUSTOMFILES_ROOTDIR 1 | ||
#define LWIP_HTTPD_EXAMPLE_CGI_SIMPLE 0 | ||
#define LWIP_HTTPD_EXAMPLE_SSI_SIMPLE 0 | ||
#define LWIP_NETBIOS_APP 0 | ||
#define LWIP_NETIO_APP 1 | ||
#define LWIP_MDNS_APP 0 | ||
#define LWIP_MQTT_APP 0 | ||
#define LWIP_PING_APP 0 | ||
#define LWIP_RTP_APP 0 | ||
#define LWIP_SHELL_APP 1 | ||
#define LWIP_SNMP_APP 1 | ||
#define LWIP_SNTP_APP 1 | ||
#define LWIP_SOCKET_EXAMPLES_APP 0 | ||
#define LWIP_TCPECHO_APP 1 | ||
/* Set this to 1 to use the netconn tcpecho server, | ||
* otherwise the raw api server will be used. */ | ||
/*#define LWIP_TCPECHO_APP_NETCONN */ | ||
#define LWIP_TFTP_APP 0 | ||
#define LWIP_TFTP_CLIENT_APP 0 | ||
#define LWIP_UDPECHO_APP 1 | ||
#define LWIP_LWIPERF_APP 1 | ||
|
||
#define USE_DHCP 0 | ||
/*#define USE_AUTOIP 1*/ | ||
|
||
/* define this to your custom application-init function */ | ||
/* #define LWIP_APP_INIT my_app_init() */ |
Oops, something went wrong.