http://wiki.ucis.nl/api.php?action=feedcontributions&user=Admin&feedformat=atomQontrol.nl Wiki - User contributions [en]2024-03-28T08:23:44ZUser contributionsMediaWiki 1.38.4http://wiki.ucis.nl/index.php?title=Hoofdpagina&diff=204Hoofdpagina2022-11-09T14:50:57Z<p>Admin: Admin moved page Hoofdpagina to Main Page</p>
<hr />
<div>#REDIRECT [[Main Page]]</div>Adminhttp://wiki.ucis.nl/index.php?title=Main_Page&diff=203Main Page2022-11-09T14:50:57Z<p>Admin: Admin moved page Hoofdpagina to Main Page</p>
<hr />
<div>== Categories ==<br />
*[[Projects]] - About my projects =)<br />
*[[GlobalTuners]]<br />
*[[Anonet]]<br />
<br />
== Links ==<br />
*[http://www.ufo-net.nl/ UFO-Net.nl] - Mijn persoonlijke website<br />
*[http://www.ucis.nl/ UCIS.nl] - Mijn bedrijfswebsite<br />
*[http://www.globaltuners.com/ GlobalTuners.com] - On-line afstandsbestuurbare radio-ontvangers<br />
<br />
== External links ==<br />
*[http://www.meertens.knaw.nl/nfb/ Nederlandse Familienamenbank]<br />
<br />
== Contact ==<br />
*IRC: [http://webchat.kwaaknet.org/ IRC.UFO-Net.nl #Chat]<br />
*Email: Ivo@UFO-Net.nl</div>Adminhttp://wiki.ucis.nl/index.php?title=VNE/DNRouter&diff=202VNE/DNRouter2022-11-09T14:49:54Z<p>Admin: 1 revision imported</p>
<hr />
<div>UCIS VNE DNRouter is a simple BGP and IP router and VPN tunnel application, running completely in userspace on both Windows and Linux platforms. It's built using the [[VNE]] library.<br />
<br />
== Installing DNRouter ==<br />
Download the files from http://oss.ucis.nl/vne/dnrouter/<br />
<br />
== Running DNRouter on Windows ==<br />
You can run the DNRouter.exe executable directly to start the router.<br />
<br />
DNRouter can currently not run as a Windows Service directly. You can use the instructions described on http://support.microsoft.com/kb/137890 or some third party application to run the DNRouter.exe executable as a Windows Service.<br />
<br />
You can also put a shortcut to the DNRouter.exe file in the Start Menu's Startup folder. This will, however, always show the console box.<br />
<br />
If you need a tun/tap network device to talk to the host OS, you need to install the OpenVPN tun/tap drivers first, either from http://oss.ucis.nl/vne/tuntapwin/ (download all files, run addtap.bat), or by installing OpenVPN or Tinc VPN. You can put the windows network interface name in the router/interfaces/tuntap/@ifname configuration.<br />
<br />
== Running DNRouter on Linux ==<br />
Use [http://www.mono-project.com/ Mono] to run DNRouter.exe (eg: mono DNRouter.exe). Using Wine with the Microsoft .Net framework may also work, but is not recommended. You should then somehow make it start when the system boots. This is outside of the scope of this document, but you may want to take a look at [http://articles.techrepublic.com.com/5100-22_11-5307707.html daemontools] (not the virtual CD/DVD tool!), [http://supervisord.org/ Supervisord], [http://upstart.ubuntu.com/ Upstart] or the daemon utility.<br />
<br />
Note that you can speed up [[QuickTun]] encryption operations considerably by providing a native [[NaCl]] library. To build one, follow the steps described at [http://wiki.ucis.ano/NaCl#Building_a_shared_library_from_the_C_code Building a shared NaCl library from the C code].<br />
<br />
== Running DNRouter on Mac OS-X ==<br />
Use [http://www.mono-project.com/ Mono] to run DNRouter.exe (eg: mono DNRouter.exe). You will also need to install the TUN/TAP drivers from http://tuntaposx.sourceforge.net/.<br />
<br />
For router/interfaces/tuntap/@ifname, you have to specify the tun/tap interface name (eg tap0). DNRouter will also run ifconfig [ifname] up to enable the interface, so it may need to run as root. This is a limitation of the Mac OS-X drivers.<br />
<br />
== Configuring DNRouter ==<br />
All configuration goes in the file router.xml. An example is available [http://oss.ucis.nl/vne/dnrouter/example.xml here].<br />
<br />
*<router> - the document root element<br />
** <interfaces> - the section that defines network interfaces (connection to the host and VPN tunnels)<br />
*** <tuntap> - this element defines a tun/tap interface to connect to the host<br />
**** @ifname - this attribute specifies the interface name (it works for both Windows and Linux!)<br />
**** @type - either "tap" or "tun", on Windows only tap is supported<br />
**** @network - (optional) specifies the address or network on the other side of the interface, in prefix/length notation, eg 1.255.123.0/24<br />
**** @dhcpserver - (windows only, optional) enables automatic host IP configuration, this specifies the address of the virtual DHCP server<br />
**** @hostip - (windows only, optional) specifies the IP address to configure on the host (requires @dhcpserver to be set)<br />
**** @netmask - (windows only, optional) the network mask for host IP configuration (requires @dhcpserver and @hostip to be set)<br />
*** <quicktun> - defines a [[QuickTun]] VPN tunnel<br />
**** @type - either "eth" or "ip" (equivalent to "tap" and "tun" devices respectively)<br />
**** @network - specifies the address or network on the other side of the interface, in prefix/length notation, eg 1.255.123.2/32<br />
**** @local - (optional) specifies the local tunnel in IP:PORT format, eg 10.0.0.1:2997<br />
**** @remote - (optional) specifies the remote tunnel in IP:PORT format, eg 10.0.0.2:2997<br />
**** @hwaddr - (optional, ethernet tunnel only) - specifies the MAC address of the interface<br />
**** @mtu - (optional) - specifies the Maximum Transmission Unit<br />
***** Note that at least one of local and remote must be specified!<br />
**** @protocol - specifies the QuickTun cryptographic protocol to use (currently supported are "raw", "nacl0" and "nacltai")<br />
**** <secretkey> - (nacl0 and nacltai protocols only) this element contains the secret key of the local end (eg <secretkey>THE_KEY_GOES_HERE_IN_HEXADECIMAL</secretkey>)<br />
**** <publickey> - (nacl0 and nacltai protocols only) this element contains the public key of the remote end<br />
** <local> - some configuration for the local router<br />
*** <source> - specifies a local address to originate outgoing connections from<br />
**** @network - the destination network address (x.x.x.x/yy notation) for which this address is used as a source address<br />
**** @address - the source IP address to use<br />
*** <address> - specifies a local address that won't be used to originate outgoing connections from<br />
**** @address - the source IP address to use<br />
** <bgp> - configures the BGP router<br />
*** @asn - specifies the AS number of this system<br />
*** @id - specifies the BGP router ID (IP address notation)<br />
*** <peer> - this element defines a BGP peer<br />
**** @address - specifies the IP address of the peer<br />
**** @asn - (currently unused) specifies the AS number of the remote peer<br />
*** <accept> - specifies a network for which to accept BGP routes<br />
**** @network - the network to accept announcements in (eg 1.0.0.0/8 accepts all subnetworks of 1.0.0.0/8 including 1.0.0.0/8 itself)<br />
*** <announce> - announces a local network<br />
**** @network - the network to announce (x.x.x.x/yy)<br />
** <services> - configures locally hosted services<br />
*** <socksserver> - enables a SOCKS5 server<br />
**** @listen - specifies the IP:PORT to listen on (eg 0.0.0.0:1080)<br />
**** @listenside - either "host" or "dn", specifies from which side clients can connect<br />
**** @connectside - either "host" or "dn", specifies where outgoing connections are made<br />
***** Note that the socks server uses the host system for DNS lookups! These may therefore not follow the 'connectside' configuration.<br />
*** <bgp> - enables a BGP listener (optional but recommended)<br />
**** @listen - specifies the IP:PORT to listen on (eg 0.0.0.0:179)<br />
*** <rpc> - enables the [[#RPC service|Remote Procedure Call]] interface, see below<br />
**** @listen - specifies the IP:PORT to listen on<br />
**** @listenside - either "host" or "dn", specifies from which side clients can connect<br />
**** @password - specifies the password for the service<br />
<br />
Note that <xxx> indicates an XML element. @xxx indicates an attribute to the XML element. See also the example configuration file.<br />
<br />
== RPC service ==<br />
The RPC service allows to retrieve internal information from the DNRouter, as well as to control it's behaviour while it's running. Its protocol is subject to change in the future. The current protocol is targeting usage with PHP clients. An example script follows:<br />
<pre><br />
<php<br />
function query($host, $port, $password, $query) {<br />
if (($hubsock = fsockopen($host, $port)) === FALSE) return FALSE;<br />
if (!stream_set_timeout($hubsock, 10)) return FALSE;<br />
if (!fwrite($hubsock, $password."\n")) return FALSE;<br />
if (!is_array($query)) $query = array('CMD' => $query);<br />
if (!fwrite($hubsock, serialize($query))) return FALSE;<br />
if (($len = fgets($hubsock)) === FALSE) return FALSE;<br />
$left = intval($len);<br />
$buff = '';<br />
while ($left > 0) {<br />
if (($new = fread($hubsock, $left)) === FALSE) return FALSE;<br />
if ($new === false) break;<br />
$left -= strlen($new);<br />
$buff .= $new;<br />
}<br />
fclose($hubsock);<br />
return unserialize($buff);<br />
}<br />
<br />
header('Content-Type: text/plain');<br />
print_r(query('127.0.0.1', 1234, 'verysecret', 'routes'));<br />
?><br />
</pre><br />
<br />
Currently supported commands ($query, subject to change):<br />
* ping - returns pong<br />
* routes - list of all known routes in the BGP routing table<br />
* optimal - list of optimal/primary/prefered routes<br />
* peers - list of peers with their imported and exported routes<br />
* localroutes - locally announced routes<br />
* kernelroutes - kernel routing table (which is used for actual IP routing)<br />
* connstat - like netstat<br />
* configure - reload configuration - EXPERIMENTAL!<br />
* shutdown - shutdown BGP connections and exit (should speed up BGP convergence)<br />
* confobj - show configured/reconfigurable objects<br />
* stats - show some numbers</div>Adminhttp://wiki.ucis.nl/index.php?title=VNE&diff=200VNE2022-11-09T14:49:54Z<p>Admin: 3 revisions imported</p>
<hr />
<div>UCIS VNE is a library providing components to build a Virtual Network Environment.<br />
<br />
== VNE components ==<br />
VNE includes, among others, the following components:<br />
* Ethernet switch<br />
* IPv4 and IPv6 router<br />
* TCP/IPv4 and TCP/IPv6 stack and socket interface<br />
* Basic IPv6 NAT, IPv6-to-IPv4 address & protocol translation (with fragmentation support)<br />
* BGP router (protocol, route selection, IPv6)<br />
* IPv4 and IPv6 fragmentation and reassembly<br />
* Ethernet-IPv4 interface, including ARP and Proxy-ARP support<br />
* Ethernet-IPv6 interface, including Neighbor Discovery Protocol and Proxy-NDP support<br />
* Ethernet / IP network interfaces:<br />
** Windows libpcap network bridge<br />
** Libpcap dump file (output only)<br />
** [[QuickTun]] VPN tunnel support (raw, nacl0, nacltai)<br />
** Tun/tap device support on Windows and Linux<br />
** VDE switch client<br />
* Socks proxy server and client<br />
* Promiscuous TCP listener (listen on all addresses and ports)<br />
* slirp like address/protocol translation (including proxy support)<br />
* DNS encoding/decoding/rewriter<br />
<br />
Planned features include:<br />
* Connection tracking NAT/NAPT (IPv4 and IPv6)<br />
* IPTables like rule based firewall, routing and processing<br />
* IPv6 PMTU discovery<br />
* 6in4/6to4 tunnel<br />
* DNS server and resolver<br />
* LWIPV6 support<br />
* VDE switch/server, connector using libvdeplug, vde_plug compatible connector<br />
<br />
All components are implemented in pure (although sometimes 'unsafe') C# code. Most components can run on both Windows and Linux hosts and run in user space without any special privileges.<br />
<br />
Components can be linked together with only a minimal amount of code in any language that supports the Microsoft .Net framework. All components are simply instances of classes, making it possible to, for example, deploy multiple IP routers in one application with only minimal overhead, and to interconnect them to each other, use them separately, or even use NAT mappings between them.<br />
<br />
== Example usage scenarios ==<br />
* BGP daemon for Windows<br />
* Interactive BGP monitor (publish updates to IRC, export routes to a web interface)<br />
* VPN software (Windows/Linux)<br />
* Isolated pure software router (user-space BGP daemon, IP stack and IP router)<br />
* Training and testing setups<br />
* Firewalled SOCKS proxy server<br />
* Transparent gateway to transport IP connections over SOCKS<br />
* slirp-like gateway ('SNAT' to host sockets)<br />
* Isolating applications network access (ld_preload / winsock compatible dll)<br />
* IPv6-to-IPv4 translator for transition<br />
* IPv6 NAT gateway<br />
<br />
== Known usage scenarios ==<br />
* Isolated BGP-speaking IP router, tunnels, IPv6 NAT and informative BGP web interface on [[Anonet]] (for more information, see [[VNE/DNRouter]])<br />
* Real time BGP monitor (reporting updates to IRC) to investigate BGP loops and convergence (on dn42)<br />
<br />
== Downloads ==<br />
The source code is available via BitBucket at https://bitbucket.org/IvoSmits/ucis.vne. The code is available for personal use, but may not be redistributed or used for commercial use without permission. Feel free to contact me to discuss licensing options.<br />
<br />
== Contact ==<br />
Feel free to contact me for more information, by sending an e-mail to ivo@ufo-net.nl or visiting irc.kwaaknet.org #chat (ask for Ivo) for a live chat.</div>Adminhttp://wiki.ucis.nl/index.php?title=VANet&diff=196VANet2022-11-09T14:49:54Z<p>Admin: 1 revision imported</p>
<hr />
<div>== VANet ==<br />
=== Freedom vs anonimity ===<br />
VANet was initially intended to be a Very Anonymous darkNet(work), similar to Anonet, but with some advantages.<br />
<br />
However, it turned out that freedom is much more important than anonimity. For example, anonet provided you with anonimity, but if a few people personally do not like you or what you do, you're out. They (pretend to) care about anonimity, but do not care about freedom at all.<br />
<br />
Therefore, VANet will prioritize the individual freedom, and at the same time allow people to be anonymous as they like.<br />
<br />
=== Government ===<br />
Just like every country or network, VANet will have some kind of authority. This autority consists of the people who run the network's backbone.<br />
<br />
This authority is responsible for setting the standards, as well as maintaining stability of the network. In general, everyone is free to do on the network whatever they like; as long as it does not get other people on the network or the backbone administrators in trouble. In the worst case (apart from any legal consequences in the backbone's'country), the 'unwanted' user is disconnected from the backbone, but he/she is still free to connect directly to other members of the network (that's not our business).<br />
<br />
The backbone administrators should make decisions in a democratic manner. Exceptions can be made in cases of emergency (eg someone misbehaving in a way that takes down the entire network), but must be discussed with the other administrators at a later time. It should be clear to everyone how to contact the administrators, and users have the right to file complaints about an administrator.<br />
<br />
== Addressing ==<br />
=== Domain names ===<br />
VANet will, just like the real internet, allow the use of internal domain names, always ending in .vanet. Some of domain names will be open for user registration, while others are limited to backbone administrators. The following list is a proposal.<br />
* .vanet - TLD<br />
** www.vanet - A web-based list of all content (wiki style, users can add/edit content)<br />
** irc.vanet - The official IRC network (anycast address)<br />
** *.core.vanet - Official services, registrations by backbone administrators<br />
** *.net.vanet - Official services, registrations by backbone administrators<br />
** *.info.vanet - Open for user registrations<br />
** *.talk.vanet - Open for user registrations<br />
<br />
==== Resolving ====<br />
Recursive nameservers will be made available by the backbone administrators. To prevent issues for people who use either only IPv4 or IPv6, there should also be some recursive nameservers which filter IPv6 or IPv4 respectively.<br />
<br />
=== IPv4 ===<br />
No decisions have been made on this one yet...<br />
<br />
=== IPv6 ===<br />
The network will also (primarily?) use IPv6 addresses, because:<br />
* There's plenty of address space we can use<br />
* The future of the internet is in IPv6, IPv4 support will be dropped in the future<br />
* The project may encourage the use of IPv6 for other purposes<br />
* IPv6 allows for cleaner reverse-DNS assignments<br />
<br />
==== IP addresses ====<br />
We will use and advertise public IPv6 addresses on the network. This includes 6to4 addresses. In addition, we can use a private (IANA Reserved) subnet for more anonimity. A route to the AnoNet IPv6 subnet will also be advertised.<br />
<br />
<strike><br />
* nnnn:nnnn:nnnn:0000:0000:0000:0000:0000/48 - VAnet<br />
** nnnn:nnnn:nnnn:0000:0000:0000:0000:0000/52 - Special purpose / core services<br />
*** nnnn:nnnn:nnnn:0000:0000:0000:0000:0000/64 - Core services<br />
*** nnnn:nnnn:nnnn:00AA:0000:0000:0000:0000/64 - Anycast (DNS, IRC)<br />
*** nnnn:nnnn:nnnn:00BB:0000:0000:0000:0000/64 - Backbone network<br />
** nnnn:nnnn:nnnn:1xxx:0000:0000:0000:0000/52 - Multihomed-client subnets<br />
** nnnn:nnnn:nnnn:2000:0000:0000:0000:0000/52 - Experimental use<br />
** nnnn:nnnn:nnnn:3000:0000:0000:0000:0000/52 - Router assignments<br />
*** nnnn:nnnn:nnnn:3x00:0000:0000:0000:0000/56 - Router assignment<br />
**** nnnn:nnnn:nnnn:3x00:0000:0000:0000:0000/64 - Router administrator's public services<br />
**** nnnn:nnnn:nnnn:3x01:0000:0000:0000:0000/64 - Dynamically assigned client addresses<br />
**** nnnn:nnnn:nnnn:3x02:0000:0000:0000:0000/64 - Staticallyassigned client addresses<br />
**** nnnn:nnnn:nnnn:3xyy:0000:0000:0000:0000/64 - Client subnets<br />
</strike><br />
<br />
== Backbone ==<br />
The network will be built around a few 'core routers' (the backbone). These routers must meet a few requirements:<br />
* Reliable connection and server<br />
* Fast connection (at least 10Mbit)<br />
* May not be located in a politically unstable or otherwise dangerous country<br />
* Must provide access to end users<br />
* Must have a static IP address<br />
<br />
=== Backbone routers ===<br />
Every backbone router will:<br />
* Connect to all other backbone routers using the tinc vpn daemon<br />
* Connect to all other backbone routers using the BGP protocol to exchange routes<br />
* Get (or already have) an IPv6 subnet to share with it's clients<br />
* Be listed on the public website<br />
* Allow anyone to connect (unless the user is known to misbehave or the router has reached it's user limit)<br />
* Automatically assign an (dynamic) IP address to new users<br />
<br />
<br />
Every backbone router may:<br />
* Assign a subnet to it's clients<br />
* Use some routing protocol to exchange routes with it's clients<br />
* NOT advertise any of it's clients' routes on the backbone network<br />
* NOT accept routes to subnets that don't belong to their clients (clients may peer with each other though)<br />
* Provide reverse DNS assignment<br />
* Provide access to the network over Tor/I2P/Hamachi (by tunneling the VPN over Tor/I2P/Hamachi)<br />
* Allow access from the internet to services on the private network (web proxy, public IRC server)<br />
* Provide and advertise public IPv6 addresses (6to4, some kind of tunnel)<br />
<br />
== Why VAnet? ==<br />
* Create something usable:<br />
** Decent speed and latency<br />
** IPv6 is already supported by many applications - many applications can be used on VAnet<br />
** Strong anonimity for those who need it through the use of Tor, I2P and Friend-to-Friend networking<br />
* Allows people to learn about networking in a real-life environment, but also allows easy access for those who just want anonimity and freedom of speech<br />
* There is some kind of authority (the backbone administrators), this is necessary to keep the network usable<br />
<br />
== Links ==<br />
* [http://www.anonet2.org/ Anonet2, an attempt to create an anonymous alternative to the regulated internet]<br />
* [http://ix.ucis.nl/ UCIS Internet Exchange]<br />
* [http://www.vanet.org/ Official VANet website]</div>Adminhttp://wiki.ucis.nl/index.php?title=UDPMSG3_Protocol&diff=194UDPMSG3 Protocol2022-11-09T14:49:54Z<p>Admin: 2 revisions imported</p>
<hr />
<div>== Implementation ==<br />
More information on deployments and implementations is available on the [[UDPMSG3]] page.<br />
<br />
== Message fields ==<br />
Key Value<br />
CHN A channel name, this can be anything. For IRC-like public chat channels, it is recommended to use the format "chat/<CHANNELNAME>", where <CHANNELNAME> does not include the # character, eg "chat/anonet".<br />
CMD The event that caused the message to be sent, for chat channels this is one of "MSG", "JOIN", "PART", "NICK", "ALIVE", "PMSG"<br />
NET The originating network, preferably a short name or abbreviation to identify the external network (if any) that originated the event. Purely informational.<br />
USR Nickname of the user (if any) whom has initiated the event (recommendation is to use only alphanumeric characters)<br />
DNET The destination network for the message (optional, often used for CMD=PMSG)<br />
DUSR The recipient user nickname for the message (for CMD=PMSG)<br />
MSG The message associated with the event (only required for MSG, accepted for PART)<br />
NEWNICK New nickname (only valid for NICK command)<br />
DUMMY An optional random value, to guarantee uniqueness of the packet (otherwise it's meaningless and should be ignored on reception)<br />
<br />
Note here that no implementation is required to send a JOIN, PART or NICK event if these events occur, but it is considered nice behaviour to do so as it provides a more transparent view of the chatbox.<br />
<br />
The MSG command indicates that a message has been sent by the user. JOIN and PART are used when a user joins and leaves a channel. NICK is used for nickname changes, but for simplicity an implementation may choose to send or interpret this command as a PART from the old nick followed by a JOIN from the new nick. The ALIVE command indicates that a user is still in a channel, this message may be sent at periodic intervals to keep user lists up to date. The PMSG command can be used for direct user-to-user messages, where DUSR and optionally DNET specify the recipient of the message.<br />
<br />
== Message encoding ==<br />
A message consists of a list of key-value pairs. Keys and values are stored as interleaved strings separated by a NULL byte (binary value 0). For this reason, NULL bytes are not allowed in keys or values. All keys and values should be encoded in ASCII or UTF-8. All binary data should be encoded using an arbitrary, extension specific encoding (eg hex, base32, base64, base128) - this is not part of the core protocol.<br />
<br />
A list of key-value is stored as follows:<br />
<KEY1>\0<VALUE1>\0<KEY2>\0<VALUE2>\0<br />
<br />
Note the tailing \0 character. \0 represents a NULL byte. <KEYx> and <VALUEx> represent the key and value of a key-value pair.<br />
<br />
== Broadcast subsystem ==<br />
The broadcast system relies on the uniqueness of every message. Each node in the system should process each message at most one time, so it should keep a certain back log of messages it has recently seen. Storing an MD5 or SHA1 hash of the message is an acceptable compromise for the uniqueness check, to save memory and speed up lookups.<br />
<br />
A node should send packets it receives to all it's peers, except for the one that sent the packet. However, if the packet is returned to the sending node, the sending node should ignore the packet. How the packet is transfered or encapsulated is not specified. It's considered good practice to add a checksum of hash to the packet. A few recommendations for the underlying protocol are described below.<br />
<br />
The length of a complete message should not exceed 1024 bytes, so that it can reliably be encapsulated in an UDP packet. If a packet is truncated by a lower networking protocol, the entire packet should be dropped.<br />
<br />
== Packet transfer protocols ==<br />
Note that these protocols are only recommendations to encourage compatibility among different implementations. The only requirement here, is that a message may not be changed, and thus should somehow be checked for changes and truncation. Corrupted messages should be dropped.<br />
=== UDP with SHA1 checksum ===<br />
The packet is prefixed with a 20 byte (binary) SHA1 checksum, and then sent as one UDP packet. The receiver should verify the checksum to make sure that the packet has not taken any damage and has not been truncated. The UDP connection can be configured in various different ways: one bidirectional connection, one unidirectional connection, two unidirectional connections and variations thereof.<br />
<br />
Data structure: <20-byte-SHA1-hash><Message><br />
<br />
=== TCP with framing ===<br />
The packet is prefixed with a 2 octet big-endian length field. If the receiving side receives a packet with an impossible length (0 or >1024 bytes), it should ignore the packet and may close the connection. A client/consumer should be able to establish an outbound connection; a hub/router should be able to accept inbound connections, and may be able to establish outbound connections for the purpose of linking to other hubs, but it's easy to work around this using socat for example.<br />
<br />
Data structure: <2-byte-big-endian-length-field><Message><br />
<br />
== Example sourcecode ==<br />
=== Key value pair construction and parsing in C ===<br />
<pre>void KVPDecodeValues(char* encoded, int mlen, char** keys, char** values) {<br />
int i, j;<br />
for (j = 0; j < mlen; j++) {<br />
char* key = encoded + j;<br />
for (; j < mlen && encoded[j]; j++);<br />
if (++j >= mlen) break;<br />
char* value = encoded + j;<br />
for (; j < mlen && encoded[j]; j++);<br />
if (j >= mlen) break;<br />
for (i = 0; keys[i]; i++) if (strcmp(key[i], key) == 0) values[i] = value;<br />
}<br />
}<br />
int KVPEncodeValues(char* encoded, int mlen, char** keys, char** values) {<br />
int i, l = 0;<br />
for (i = 0; keys[i] && values[i]; i++) {<br />
int kl = strlen(keys[i]);<br />
int vl = strlen(values[i]);<br />
l += kl + vl + 2;<br />
if (l > mlen) return -1;<br />
strncpy(encoded, keys[i], kl); encoded += kl; *encoded = 0; encoded++;<br />
strncpy(encoded, values[i], vl); encoded += vl; *encoded = 0; encoded++;<br />
}<br />
return l;<br />
}<br />
int KVPEncodeGetLength(char** keys, char** values) {<br />
int i, l = 0;<br />
for (i = 0; keys[i] && values[i]; i++) l += strlen(keys[i]) + strlen(values[i]) + 2;<br />
return l;<br />
}</pre><br />
<br />
=== Key value pair construction and parsing in PHP ===<br />
<pre>function KVPDecode($encoded) {<br />
$parts = explode("\0", $encoded);<br />
$ret = array();<br />
for ($i = 0; $i < count($parts) - 1; $i += 2) $ret[$parts[$i]] = $parts[$i+1];<br />
return $ret;<br />
}<br />
function KVPEncode($arr) {<br />
$tmp = array();<br />
foreach ($arr as $key => $value) { $tmp[] = $key; $tmp[] = $value; }<br />
$tmp[] = '';<br />
return implode("\0", $tmp);<br />
}</pre></div>Adminhttp://wiki.ucis.nl/index.php?title=UDPMSG3&diff=191UDPMSG32022-11-09T14:49:54Z<p>Admin: 2 revisions imported</p>
<hr />
<div>UDPMSG3 started as a simple protocol for real-time distribution of structured messages through a cloud of interested systems. It has quickly evolved into a suite of compatible applications to distribute textual conversations (chatboxes / IRC channels).<br />
<br />
== UDPMSG3 Protocol ==<br />
UDPMSG3 started as a simple protocol for real-time distribution of structured messages through a cloud of interested systems. It provides a simple way to encode key-value pairs, as well as a mechanism to broadcast arbitrary messages over a mesh network of unicast links. The UDPMSG3 Protocol does not guarantee that messages are delivered, but it tries very hard to deliver a message to all nodes.<br />
<br />
More information on the protocol can be found in the [[UDPMSG3 Protocol]] article.<br />
<br />
== UDPMSG3 Applications ==<br />
Sourcecode to the 'official' implementation is available at http://oss.ucis.nl/hg/udpmsg3/ or http://oss.ucis.ano/hg/udpmsg3/ (inside [[Anonet]]). There are various different applications.<br />
<br />
=== Hub ===<br />
The hub distributes messages among it's 'peers': links to other hubs, gateways, clients, etc. It can be found in the 'hub' subdirectory. All configuration is inside the sourcecode.<br />
<br />
=== IRCd ===<br />
The IRCd provides a simple IRC server, using UDPMSG3 as it's server-link protocol. Other parties on the UDPMSG3 cloud are presented as real users to the IRC client. The source code can be found in the 'ircd' subdirectory.<br />
<br />
=== IRC Relay ===<br />
The IRC Relay provides a a 'client bot', which forwards messages among several channels on several IRC servers, and the UDPMSG3 cloud.<br />
<br />
=== Simple IRC server ===<br />
The Simple IRC server provides a single client UDPMSG3 to IRC translator. It should be run from inetd, xinetd or similar.<br />
<br />
=== UnrealIRCd server link ===<br />
Connects to an UnrealIRCd network using the UnrealIRCd link protocol and presents UDPMSG3 parties to the IRC network as real users. Users are introduced as they speak and disappear after a time-out.</div>Adminhttp://wiki.ucis.nl/index.php?title=Receiver_assessment&diff=188Receiver assessment2022-11-09T14:49:54Z<p>Admin: 1 revision imported</p>
<hr />
<div>== Why is an assessment needed? ==<br />
Users should have an easy way to find out what nodes fit their needs. The receiver assessment is a potential approach based on points as known from Spamassassin and Weight Watchers. This assessment could either be done by admins or as part of an online survey, by the users.<br />
<br />
== How many points for what? ==<br />
'''Receiver type'''<br />
<br />
The average rating at eham.net could be a worthy source to have our assessment based on it.<br />
<br />
''Desktops:''<br />
<br />
Ten-tec RX-340 5.0<br />
<br />
AOR AR-8600 4.8<br />
<br />
IC-775 4.8<br />
<br />
Kenwood TS-480 4.8<br />
<br />
Kenwood TS-850 4.8<br />
<br />
Icom PCR-2500 4.8<br />
<br />
Icom IC-756ProIII 4.7<br />
<br />
Icom IC-R8500 4.7<br />
<br />
Icom IC-R9000 4.6<br />
<br />
AOR AR-7030 4.6<br />
<br />
Icom IC-718 4.6<br />
<br />
JRC NRD 545 4.5<br />
<br />
Icom IC-R75 4.5<br />
<br />
Icom IC-7000 4.4<br />
<br />
[[Icom IC-706]]Mk2 4.4<br />
<br />
Icom PCR-1500 4.2<br />
<br />
Icom PCR-100 4.0<br />
<br />
Icom PCR-1000 3.9<br />
<br />
Icom (other)<br />
<br />
<br />
''SDRs:''<br />
<br />
SDR-1000 compatible 4.8<br />
<br />
Perseus SDR (CI-V) 4.7<br />
<br />
<br />
''Hand-helds:''<br />
<br />
AOR AR-8000 5.0<br />
<br />
AOR AR-8200 4.3<br />
<br />
Icom IC-R10 3.9<br />
<br />
<br />
''Special purpose:''<br />
<br />
SONY XDR-F1HD<br />
<br />
Kenwood KT-6040<br />
<br />
Audio only<br />
<br />
Dummy<br />
<br />
Fanfare FT1A<br />
<br />
FM/TV capture card (FMIO)<br />
<br />
HamSphere<br />
<br />
Hauppauge WinTV<br />
<br />
<br />
'''Location'''<br />
<br />
Metropolitan area<br />
<br />
Country site<br />
<br />
Hard to tell which is best as it depends on the users needs. A metropolitan area usually gets more stuff on VHF/UHF while the QRM on HF is usually lower if the node is located in the woods.<br />
<br />
'''Antenna'''<br />
<br />
Discone<br />
<br />
Longwire<br />
<br />
Vertical<br />
<br />
Loop<br />
<br />
Dipole<br />
<br />
Beam<br />
<br />
Turnable beam<br />
<br />
Antenna height does matter too, of course.<br />
<br />
<br />
'''Availability'''<br />
<br />
24/7<br />
<br />
more than 48 hrs a week<br />
<br />
more than 24 hrs a week<br />
<br />
sporadically<br />
<br />
[[Category:GlobalTuners]]</div>Adminhttp://wiki.ucis.nl/index.php?title=QuickTunTcp&diff=186QuickTunTcp2022-11-09T14:49:54Z<p>Admin: 6 revisions imported</p>
<hr />
<div>== Protocol ==<br />
<pre><br />
General packet format:<br />
2 bytes, 16 bits big endian integer, packet length/flags<br />
bit 0: most significant bit: 0=tunnel data, 1=control command<br />
bit 1-15: payload length (max 32kB payload)<br />
"length" bytes, payload<br />
if encryption has been enabled, the entire payload is encrypted, otherwise it is in plain text<br />
<br />
Control command (inner format):<br />
1 byte, Control command code<br />
Control arguments<br />
<br />
General protocol operation:<br />
The protocol starts operation in unsecure mode. Either side can initiate an encrypted connection using the "Start crypto auth" control command, optionally followed by "Begin key update" to enable the use of session keys for PFS. Either side can request password based authentication from the other side by sending the "Start password authentication" control command. If the encryption keys are to be used only for authentication but not for data encryption, either side can request to disable further encryption using the "Disable encryption" control command.<br />
<br />
Both sides of the connection start operation with a documented, hard coded key pair for both the local and remote side, and the nonce buffer set to all zero. This provides correct operation during the initial key exchange, these keys should not be used for security and no secret data should be transfered while these keys are in use.<br />
<br />
If encryption is enabled, after a packet is encrypted, the 24 byte (send) nonce is incremented as a big-endian number.<br />
<br />
Control commands:<br />
0 Start tunnel data<br />
Sent after initial negotiation has been completed, to indicate that the current state of the tunnel is acceptable to the sender (in terms of security and configuration) and the remote side may enable the tunnel and start sending data<br />
When either side has both sent and received this command, it should enable the tunnel and start sending data<br />
1 Start crypto auth<br />
- Public key (32 bytes)<br />
- Nonce bytes (24 bytes)<br />
This command informs the other side of the intention to enable encryption and to provide the sender's public key and randomly generated nonce initialization data.<br />
If the remote side is supposed to know the local public key (from its configuration, in a 1-to-1 connection), the public key may be set to all zero and should be ignored by the remote side.<br />
The remote side may use the Public key value provided for authentication purposes (accepting/rejecting the connection or selecting a client specific configuration).<br />
After this command has been sent, all outgoing packets are also encrypted. If no key is known for the remote system, a fixed key is used until the remote key is known.<br />
The nonce for outgoing packets is constructed as follows: remotenonceinput[0:12]+localnonceinput[0:12]<br />
On reception of this command, a "Acknowledge crypto auth" message should be sent in return. Additionally, a "Start crypto auth" or "Begin key update" message should be sent by the recipient, if it has not already done so.<br />
2 Acknowledge crypto auth<br />
This command is sent in response to a "Start crypto auth" command, to confirm that the key update has been received and the new key will be used to encrypt packets from this point on.<br />
After this command has been sent, all outgoing packets are also encrypted.<br />
The nonce for outgoing packets is constructed as follows: remotenonceinput[0:12]+localnonceinput[0:12]<br />
3 Begin key update<br />
- Public key (32 bytes)<br />
This command informs the remote side of an updated local key.<br />
After this command has been sent, all outgoing packets are also encrypted.<br />
4 Acknowledge key update<br />
This command informs the remote side that the key update has been received and the new key will be used for following outgoing packets.<br />
After this command has been sent, all outgoing packets are also encrypted.<br />
5 Start password authentication<br />
- Salt (variable length)<br />
Requests the remote side to authenticate with a password, using the "Acknowledge password authentication" command, providing a salt value for the hash operation.<br />
6 Acknowledge password authentication<br />
- Hashed password (512 bits)<br />
Authenticates to the remote side using a password, in response to the "Start password authentication" command.<br />
The "Hashed password" is formed as sha512(Salt + Password) where Password is an ASCII or UTF-8 encoded string.<br />
7 Disable encryption<br />
Requests the remote side to disable encryption. This can be useful if the encryption keys are used only for authentication.<br />
After this command has been sent, all outgoing packets are no longer encrypted.<br />
The remote side may close the connection if this is unacceptable.<br />
8 Acknowledge disable encryption<br />
Confirms that the request to disable encryption has been received.<br />
After this command has been sent, all outgoing packets are no longer encrypted.<br />
9 Echo request<br />
- Data (variable length)<br />
Requests the remote side to echo the data back. This can be used to test latency or check whether the connection is still alive.<br />
10 Echo response<br />
- Data (variable length)<br />
Response to the "Echo request" command.<br />
11 Set network configuration<br />
- IP or Ethernet mode<br />
- IPv4 address and network mask, IPv4 peer address and network mask, IPv4 DNS server<br />
- IPv6 address and network mask, IPv6 peer address and network mask, IPv6 DNS server<br />
This allows a server to automatically assign IP addresses to clients. A client may choose to ignore this message.<br />
12 Routing information update<br />
- Address family (Ethernet, IPv4, IPv6; defines size of Network address and mask)<br />
- Valid flag<br />
- Network address and mask<br />
- List of 4 byte AS numbers or other identification<br />
This command provides basic routing information exchange, which can be used to create a routable mesh network. The command uses a mechanism similar to the BGP protocol and as such might be linked to a BGP router.<br />
13 Data packet<br />
- Data<br />
This command can be used to include data packets in the control stream. This is useful when the packet type needs to be hidden in an encrypted connection, or when padding or combining of small packets is desirable (see the next few commands).<br />
14 Padding<br />
- Padding size (1 byte)<br />
- Control packet<br />
This message contains another control message, with the specified amount of padding data appended at the end (which should be discarded). This can be used to hide the actual length of the packet from attackers. Padding messages can be nested to add more than 255 bytes of padding, but should not be nested more than approximately 10 levels so that an application can use a recursive algorithm to process such packets.<br />
15 Multiple messages<br />
- 16 bits big endian integer, inner message length<br />
- Inner message data<br />
- repeat...<br />
This command can be used to combine multiple (small) control messages into one packet. Intended use is to allow minimization of cryptographic overhead. This message can be nested.<br />
17 Tunnel options<br />
- 1 bit: encryption supported<br />
- 1 bit: unencrypted data allowed<br />
- 6 bits: reserved<br />
This command should be sent when a connection is established, to inform the other side of the ability to handle encryption and acceptability of unencrypted data transfer. The remote side can use this to determine whether it's acceptable to ask for encryption or to disable encryption (if such is allowed by the local configuration). If support for encryption is not indicated and a request for enabling encryption is received, the connection may be closed.<br />
81<br />
- ASCII "UICKTUN"<br />
This command should be the first to be sent by a client once the connection is established. A server may also send this command. The intended use of this command is to provide identification of the protocol if a port is shared by multiple servers (eg VPN, SSH and HTTPS running on port 443). The protocol can be identified by the byte sequence (hex): 80 08 51 55 49 43 4B 54 55 4E.<br />
-<br />
Other control commands can be added later for automatic IP configuration and other uses<br />
<br />
Example control flows:<br />
Raw mode VPN<br />
A Start tunnel data -- A requires no more negotiation and is ready to go<br />
B Start tunnel data -- B requires no more negotiation and is ready to go<br />
VPN traffic<br />
<br />
Password authenticated VPN<br />
A Start tunnel data -- A requires no more negotiation and is ready to go<br />
B Start password authentication -- B would like to see password authentication first<br />
A Acknowledge password authentication -- A authenticates with password<br />
B Start tunnel data -- B is happy, the tunnel can be started<br />
VPN traffic<br />
<br />
Mutual password authenticated VPN<br />
A Start password authentication -- A would like to see password authentication<br />
B Start password authentication -- B would like to see password authentication<br />
B Acknowledge password authentication -- B authenticates with password, as requested by A<br />
A Acknowledge password authentication -- A authenticates with password, as requested by B<br />
B Start tunnel data -- B is happy<br />
A Start tunnel data -- A is happy, the tunnel can be started<br />
- VPN traffic<br />
<br />
Encrypted public VPN<br />
A Start tunnel data -- A requires no more negotiation and is ready to go<br />
B Start crypto auth -- B requires encryption to be enabled and sends keyB and nonce initialization, following outgoing communication will be encrypted keyB->key0<br />
A Acknowledge crypto auth -- A confirms the request, following outgoing communication will be encrypted key0->keyB<br />
A Begin key update (key0->keyB) -- A generates a session key keySA1 and sends to B, following outgoing communication will be encrypted keySA1->keyB<br />
B Begin key update (keyB->key0) -- B likes PFS and also generates a session key keySB1, following outgoing communication will be encrypted keySB1->key0<br />
B Acknowledge key update (keySB1->key0) -- B confirms reception of the request, following outgoing communication will be encrypted keySB1->keySA1<br />
A Acknowledge key update (keySA1->keyB) -- A confirms reception of the request, following outgoing communication will be encrypted keySA1->keySB1<br />
B Start tunnel data (keySB1->keySA1) -- B is happy, the tunnel can be started<br />
- VPN traffic (keySA1<->keySB1)<br />
* B chose to use a session key, but it could have used its fixed key for the entire conversation if PFS is not required. In this case the key update initiated by B would have been redundant.<br />
* key0 is the fixed well-known key documented above, keyB is the fixed key configured on B, keySA1 and keySB1 are the first session keys generated by A and B respectively.<br />
<br />
Encrypted public VPN with password authentication<br />
A Start tunnel data -- A requires no more negotiation and is ready to go<br />
B Start crypto auth -- B requires encryption to be enabled and sends keyB and nonce initialization, following outgoing communication will be encrypted keyB->key0<br />
A Acknowledge crypto auth -- A confirms the request, following outgoing communication will be encrypted key0->keyB<br />
A Begin key update (key0->keyB) -- A generates a session key keySA1 and sends to B, following outgoing communication will be encrypted keySA1->keyB<br />
B Acknowledge key update (keyB->key0) -- B confirms reception of the request, following outgoing communication will be encrypted keyB->keySA1<br />
B Start password authentication (keyB->keySA1) -- B would like to see password authentication<br />
A Acknowledge password authentication (keySA1->keyB) -- A authenticates with password, as requested by B<br />
B Begin key update (keyB->keySA1) -- B likes PFS and generates a session key keySB1, following outgoing communication will be encrypted keySB1->keySA1<br />
A Acknowledge key update (keySA1->keyB) -- A confirms reception of the request, following outgoing communication will be encrypted keySA1->keySB1<br />
B Start tunnel data (keySB1->keySA1) -- B is happy, the tunnel can be started<br />
- VPN traffic (keySA1<->keySB1)<br />
* The order of password authentication and key updates is arbitrary. The protocol allows password authentication and key exchanges to be initiated at any point in the connection.<br />
<br />
Encrypted authenticated VPN<br />
A Start crypto auth -- A requires encryption to be enabled and sends keyA and nonce initialization, following outgoing communication will be encrypted keyA->key0<br />
B Start crypto auth -- B requires encryption to be enabled and sends keyB and nonce initialization, following outgoing communication will be encrypted keyB->key0<br />
A Acknowledge crypto auth (keyA->key0) -- A confirms the request, following outgoing communication will be encrypted keyA->keyB<br />
B Acknowledge crypto auth (keyB->key0) -- B confirms the request, following outgoing communication will be encrypted keyB->keyA<br />
A Begin key update (keyA->keyB) -- A likes PFS and generates a session key keySA1, following outgoing communication will be encrypted keySA1->keyB<br />
B Begin key update (keyB->keyA) -- A likes PFS too and generates a session key keySB1, following outgoing communication will be encrypted keySB1->keyA<br />
A Acknowledge key update (keySA1->keyB) -- A confirms reception of request, following outgoing communication will be encrypted keySA1->keySB1<br />
B Acknowledge key update (keySB1->keyA) -- B confirms reception of request, following outgoing communication will be encrypted keySB1->keySA1<br />
A Start tunnel data (keySA1->keySB1) -- A is happy<br />
B Start tunnel data (keySB1->keySA1) -- B is happy too, start the tunnel<br />
- VPN traffic (keySA1<->keySB1)<br />
A Begin key update (keySA1->keySB1) -- A likes strong PFS and generates a new session key, following outgoing communication will be encrypted keySA2->keySB1<br />
A VPN traffic (keySA2->keySB1)<br />
B VPN traffic (keySB1->keySA1)<br />
B Acknowledge key update (keySB1->keySA1) -- B confirms reception of request, following outgoing communication will be encrypted keySB1->keySA2<br />
- VPN traffic (keySA2<->keySB1)<br />
* keyA and keyB are the fixed keys configured at A and B respectively, key0 is the fixed documented key (see General protocol operation), keySA1 and keySB1 are the first session keys generated by A and B respectively, keySA2 is the second seccion key generated by A<br />
<br />
Cryptographically authenticated unencrypted VPN<br />
A Start crypto auth -- A requires encryption to be enabled and sends keyA and nonce initialization, following outgoing communication will be encrypted keyA->key0<br />
B Start crypto auth -- B requires encryption to be enabled and sends keyB and nonce initialization, following outgoing communication will be encrypted keyB->key0<br />
A Acknowledge crypto auth (keyA->key0) -- A confirms the request, following outgoing communication will be encrypted keyA->keyB<br />
B Acknowledge crypto auth (keyB->key0) -- B confirms the request, following outgoing communication will be encrypted keyB->keyA<br />
A Disable encryption (keyA->keyB) -- A does not actually want encryption, it was just for authentication, following outgoing data will be unencrypted<br />
B Acknowledge disable encryption (keyB->keyA) -- B is okay with that, following outgoing data will be unencrypted<br />
A Start tunnel data -- A is happy<br />
B Start tunnel data -- B is happy too, start the tunnel<br />
- VPN traffic<br />
</pre></div>Adminhttp://wiki.ucis.nl/index.php?title=QuickTunTCP&diff=179QuickTunTCP2022-11-09T14:49:54Z<p>Admin: 2 revisions imported</p>
<hr />
<div>== QuickTun TCP mode ==<br />
This page contains a draft for the protocol to be used in a client/server version of QuickTun using TCP.<br />
<br />
'''THIS DOCUMENT IS OBSOLETE! A newer version is available here: [[QuickTunTcp]]'''<br />
<br />
== Protocol ==<br />
<pre><br />
TCP session<br />
<br />
Client: 32 byte public key or all zero key<br />
Server: 32 byte public key or all zero key<br />
Note: all zero key is used in case the remote side is supposed to know the key, and it is undesirable to send the real public key. The all zero public key is hereby excluded from the valid public keys.<br />
<br />
If only the client public key is all zero:<br />
Client: encrypted packet containing 15 random bytes to be used as the first part of the nonce, encrypted using an all zero nonce. The encrypted packet length is then 15+16=31 bytes.<br />
The server can try to decrypt the message using all (remote) public keys it knows to find out which key is valid.<br />
Otherwise:<br />
Server: encrypted packet containing 15 random bytes to be used as the first part of the nonce, encrypted using an all zero nonce. The encrypted packet length is then 15+16=31 bytes.<br />
Note that both sides providing an all zero key is only valid in a peer to peer configuration, when at least the server knows the client's public key.<br />
<br />
From here on all packets are framed using a 16 bit big endian length header.<br />
<br />
From here on the cryptographic nonce is formed as follows: <1byte:server=0/client=1><15byte:negotiatednonce><8byte:64bitcounter><br />
The first byte of the nonce depends on which side encrypts the packet (tcp server -> 0, tcp client -> 1); the next 15 bytes are given by the the previous packet, the last 8 bytes should contain a 64 bit big endian integer which starts at 0 and is incremented by 1 after each packet.<br />
<br />
The plain text part of each message consists of a one byte header (<1byte:commandidentifier>) followed by the actual data.<br />
<br />
Command identifiers:<br />
0: tunneled data<br />
IP or ethernet data, as negotiated/configured<br />
1: user/password authentication (client->server)<br />
<1byte:length><Nbyte:username><1byte:length><Nbyte:password><br />
1: user/password data confirmation or rejection (server->client)<br />
<1byte:ok=0/undefinederror=1/errors=other><br />
2: tunnel configuration (server->client)<br />
<1byte:configurationcontext(0=tunneltype,1=ethernet,2=IPv4,3=IPv6><br />
0: tunnel type<br />
<1byte:tuntype(1=IP,2=ethernet,3=obsolete_IP_USE_PI)><br />
1: ethernet<br />
<6byte:macaddress><br />
2: ipv4<br />
<4byte:ipv4address><1byte:prefixlength><4byte:dnsserver><1byte:numroutes>[<4byte:destnet><1byte:prefixlength><4byte:gateway>]<br />
Note: if the ipv4address or dnsserver is 0.0.0.0, it is not set and should not be used<br />
3: ipv6<br />
<16byte:ipv6address><1byte:prefixlength><16byte:dnsserver><1byte:numroutes>[<16byte:destnet><1byte:prefixlength><16byte:gateway>]<br />
3: echo packet (both directions, does not expect an answer)<br />
Note: if the ipv6address or dnsserver is ::, it is not set and should not be used<br />
<br />
4: Out-of-band BGP?<br />
<1byte:addressfamily(1=ethernet,2=ipv4,3=ipv6)><1byte:event(1=add,2=delete)><4byte:destnet><1byte:prefixlength><4byte:gateway><2byte:pathlength>[<2byte:asnumber>]<br />
</pre></div>Adminhttp://wiki.ucis.nl/index.php?title=QuickTun/Sourcecode&diff=176QuickTun/Sourcecode2022-11-09T14:49:54Z<p>Admin: 1 revision imported</p>
<hr />
<div>#REDIRECT [[QuickTun]]</div>Adminhttp://wiki.ucis.nl/index.php?title=QuickTun&diff=174QuickTun2022-11-09T14:49:54Z<p>Admin: 13 revisions imported</p>
<hr />
<div>QuickTun is probably the simplest VPN tunnel software ever, yet it's very secure. It relies on the [[NaCl]] encryption library by [http://cr.yp.to/ D. J. Bernstein].<br />
<br />
QuickTun uses the [http://nacl.cace-project.eu/box.html curve25519xsalsa20poly1305 crypto-box] functionality of the NaCl library for secure public-key encryption.<br />
<br />
And that's about all QuickTun does; encrypting and sending data. No fancy features which would only lead to bloating the binary. In fact, QuickTun itself has only a few hundred lines of pure C code, making it dead simple to maintain, analyze, debug and fix.<br />
<br />
== Installing QuickTun on Debian/Ubuntu Linux ==<br />
A precompiled package is available in the UCIS.nl apt repository:<br />
wget -q http://apt.ucis.nl/IvoSmits.asc -O- | apt-key add -<br />
echo "deb http://apt.ucis.nl/ current ucis" >> /etc/apt/sources.list<br />
apt-get update<br />
apt-get install quicktun<br />
<br />
If you prefer to compile QuickTun yourself, or if your platform is not covered in our repository, you can follow the steps below (Installing QuickTun on Linux), and either manually copy the files (from out/ and debian/static/etc/) to their destination, or install the generated debian package (dpkg -i out/quicktun*.deb).<br />
<br />
The tunnel can then be configured in the /etc/network/interfaces file:<br />
auto tun0<br />
iface tun0 inet static<br />
address 192.168.77.1<br />
pointopoint 192.168.77.2<br />
netmask 255.255.255.255<br />
qt_tun_mode 1<br />
qt_protocol nacltai<br />
qt_remote_address 1.2.3.4<br />
qt_local_address 9.8.7.6<br />
qt_private_key_file <LOCAL-SECRET-KEY-FILE><br />
qt_public_key <REMOTE-PUBLIC-KEY><br />
See below for supported configuration options. Please note that all options are written in lower case and are prefixed with qt_. The interface name is taken from the 'iface' entry.<br />
<br />
== Installing QuickTun on Linux or BSD ==<br />
Building QuickTun is very simple. Just run the following commands:<br />
wget http://oss.ucis.nl/quicktun/src/quicktun.tgz -O- | tar -xvz<br />
cd quicktun*<br />
./build.sh<br />
<br />
This command will first download and build the NaCl cryptography engine - this will take some time. When done, the out/ directory will contain a few binaries:<br />
* libquicktun.raw - dynamically loadable library which implements the 'raw' unencrypted quicktun protocol<br />
* quicktun.combined - the one you'll probably want to use, has all supported protocols and can be used 'stand alone'<br />
* quicktun.debian - a binary targeting Debian based systems, for optimal integration with Debian's network configuration files<br />
* quicktun.keypair - can be used to generate a public/secret key pair<br />
* quicktun.nacl0 - stand alone binary implementing the nacl0 protocol (NaCl encryption without nonce)<br />
* quicktun.nacltai - stand alone binary implementing the nacltai protocol (NaCl encryption with nonce)<br />
* quicktun.raw - stand alone binary implementing the 'raw' unencrypted protocol<br />
* quicktun-*.tgz - compressed tarball containing the sourcecode and build scripts, for distribution<br />
* quicktun-*.deb - a Debian binary package, only generated on Debian based systems<br />
<br />
You'll most likely want to use the out/quicktun.combined and out/quicktun.keypair executables. You may want to copy them to /usr/sbin.<br />
<br />
== Configuring QuickTun on Linux (non Debian/Ubuntu) ==<br />
QuickTun configuration is usually stored in a shell script like this:<br />
#!/bin/sh<br />
export TUN_MODE=1<br />
export PROTOCOL=nacltai<br />
export REMOTE_ADDRESS=ipaddress-of-remote-end<br />
export LOCAL_ADDRESS=ipaddress-of-local-end<br />
export PRIVATE_KEY=private-key-of-local-end<br />
export PUBLIC_KEY=public-key-of-remote-end<br />
/usr/sbin/quicktun<br />
<br />
Make sure that the script is not publicly readable because it contains the secret key: chmod 700 will do! To start the VPN tunnel, simply run the shellscript. You can also run the script using some service supervisor (daemon tools, supervisord).<br />
<br />
Alternatively all configuration can be specified on the command line like this:<br />
/usr/sbin/quicktun -c PROTOCOL nacltai -c TUN_MODE 1 -c PRIVATE_KEY_FILE secret.key -c PUBLIC_KEY public-key-of-remote-end<br />
<br />
== QuickTun configuration options ==<br />
* INTERFACE - interface name (non-debian systems only)<br />
* TUN_MODE - set to 1 to operate in tun (IP), unset or 0 (recent versions only) for tap (Ethernet) mode<br />
* USE_PI - set to 1 to include packet information header in wire packets, must be set on both sides if used; set to 2 to automatically add the packet information header for cross-platform compatibility (also compatible with USE_PI=0), some (BSD) kernels need USE_PI to be enabled for IPv6 support<br />
* REMOTE_ADDRESS - IP address or hostname of the remote end (use 0.0.0.0 for a floating/dynamic remote endpoint)<br />
* LOCAL_ADDRESS - IP address or hostname of the local end, optional<br />
* LOCAL_PORT - local UDP port, optional, defaults to 2998<br />
* REMOTE_PORT - remote UDP port, optional, defaults to LOCAL_PORT<br />
* REMOTE_FLOAT - allows the remote address and port to change when properly encrypted packets are received<br />
* TUN_UP_SCRIPT - run specified command or script after the tunnel device has been opened<br />
* SETUID - drop privileges and change user and group IDs to specified username after setting up the tunnel<br />
* nacl0, nacltai and salty (encrypted) protocols only:<br />
** PRIVATE_KEY - local secret key in hexadecimal form (not needed for raw protocol)<br />
** PUBLIC_KEY - remote public key in hexadecimal form (not needed for raw protocol)<br />
** PRIVATE_KEY_FILE - file containing local secret key in binary or hexadecimal form (not needed for raw protocol)<br />
* nacltai (encrypted) protocol only:<br />
** TIME_WINDOW - allowed time window for first received packet in seconds (positive number allows packets from history)<br />
* Combined binary only (quicktun.debian and quicktun.combined executables, Debian based systems):<br />
** PROTOCOL - the protocol to use, one of "raw", "nacl0" and "nacltai"<br />
* Debian /etc/network/interfaces only:<br />
** NO_PRECREATE - set to 1 to run QuickTun as root and not use a persistent tunnel device, unset otherwise<br />
<br />
== QuickTun on Windows ==<br />
A pure C# implementation of QuickTun and the required cryptography code is included in the [[VNE|Virtual Network Environment]]. This code can run on both, Windows and Linux systems, and provide full VPN functionality, in addition to many other features. The [[VNE/DNRouter|DNRouter]] software uses this library to provide QuickTun support.<br />
<br />
A stand-alone tunnel application is also available on http://oss.ucis.nl/vne/quicktun/. Download all files, rename example.xml to quicktun.xml and edit it according to your needs. Then run UCIS.QuickTun.exe. Note that you will have to create/install a tun/tap device before running the software. You can do this either by installing OpenVPN or tinc, or by downloading all files from http://oss.ucis.nl/vne/tuntapwin/ and running addtap.bat.<br />
<br />
The configuration file has the following elements:<br />
*<tunnel> - the document root element<br />
*** <tuntap> - this element defines the tun/tap interface to connect to the host<br />
**** @ifname - this attribute specifies the interface name (it works for both Windows and Linux!)<br />
**** @type - either "tap" or "tun", on Windows only tap is supported<br />
**** @dhcpserver - (windows only, optional) enables automatic host IP configuration, this specifies the address of the virtual DHCP server<br />
**** @hostip - (windows only, optional) specifies the IP address to configure on the host (requires @dhcpserver to be set)<br />
**** @netmask - (windows only, optional) the network mask for host IP configuration (requires @dhcpserver and @hostip to be set)<br />
*** <quicktun> - defines the QuickTun VPN tunnel<br />
**** @local - (optional) specifies the local tunnel in IP:PORT format, eg 10.0.0.1:2997<br />
**** @remote - (optional) specifies the remote tunnel in IP:PORT format, eg 10.0.0.2:2997<br />
***** Note that at least one of local and remote must be specified!<br />
**** @protocol - specifies the QuickTun cryptographic protocol to use (currently supported are "raw", "nacl0", "nacltai" and "salty")<br />
**** <secretkey> - (nacl0, nacltai and salty protocols only) this element contains the secret key of the local end (eg <secretkey>THE_KEY_GOES_HERE_IN_HEXADECIMAL</secretkey>)<br />
**** <publickey> - (nacl0, nacltai and salty protocols only) this element contains the public key of the remote end<br />
<br />
Note that <xxx> indicates an XML element. @xxx indicates an attribute to the XML element. See also the example configuration file.<br />
<br />
== Protocol ==<br />
QuickTun supports four different protocols:<br />
{| class="wikitable"<br />
|-<br />
! scope="col"| Protocol name<br />
! scope="col"| Security<br />
! scope="col"| Overhead<br />
! scope="col"| Remarks<br />
! scope="col"| Details<br />
|-<br />
! scope="row"| raw<br />
| None<br />
| 0 bytes<br />
| Compatible with VirtualBox UDPTunnel<br />
| The IP or ethernet packet as it was read from the device is sent directly in an UDP packet<br />
|-<br />
! scope="row"| nacl0<br />
| Very weak<br />
| 16 bytes<br />
|<br />
| The IP or ethernet packet is encrypted using the curve25519xsalsa20poly1305_box function, with the nonce set to all zero, the first 16 all-zero bytes of the result are stripped off, the rest is sent in an UDP packet<br />
|-<br />
! scope="row"| nacltai<br />
| Secure<br />
| 32 bytes<br />
|<br />
| The IP or ethernet packet is encrypted using the curve25519xsalsa20poly1305_box function, with the nonce being <7bytes=0><1byte=local_pub_key>remote_pub_key?1:0><16bytes:tai64an_packed_timestamp>, the tai64an_packed_timestamp is copied to the beginning of the encrypted buffer (to the area that is normally all zero), the entire buffer is sent (crypto adds 32 bytes of overhead)<br />
|-<br />
! scope="row"| salty<br />
| Secure with PFS<br />
| 20 bytes + control packets<br />
| Requires at least one endpoint to have a fixed address<br />
| The IP or ethernet packet is encrypted using the curve25519xsalsa20poly1305_box function, with temporary keys and nonces which are periodically regenerated and exchanged; this protocol provides Perfect Forward Secrecy and does not depend on clock synchronization for replay protection; the current implementation does not work well if both endpoints are floating<br />
|}<br />
<br />
== QuickTun Linux kernel module ==<br />
Matthias is working on a Linux kernel module providing QuickTun functionality: http://git.universe-factory.net/modquicktun/<br />
<br />
== Links ==<br />
* Mercurial repository: http://oss.ucis.nl/hg/quicktun/<br />
* GitHub project: https://github.com/UCIS/QuickTun (git repository: https://github.com/UCIS/QuickTun.git)<br />
* BitBucket project: https://bitbucket.org/IvoSmits/quicktun<br />
* Debian/Ubuntu packages: http://apt.ucis.nl/packages/<br />
* Sourcecode archives: http://oss.ucis.nl/quicktun/src/ (latest: http://oss.ucis.nl/quicktun/src/quicktun.tgz)<br />
<br />
== Third party packages ==<br />
* ArchLinux: http://aur.archlinux.org/packages.php?ID=44278<br />
* FreeBSD (beta): http://hg.dereckson.be/freebsd-ports/src/tip/net/quicktun/<br />
* OpenWRT: https://dev.openwrt.org/browser/packages/net/quicktun<br />
<br />
== Thanks to... ==<br />
* somerandomnick, some anonymous person who introduced me to the NaCl cryptography library and encouraged me to extend [[Projects/Software/TunTapIO|TunTapIO]]<br />
* Daniel Dickinson <daniel@cshore.neomailbox.net>, who contributed [http://oss.ucis.nl/hg/quicktun/rev/51c6d2fc712f some fixes]<br />
* Everyone who uses QuickTun and has suggested improvements, reported bugs, supported me while fixing them, etc.<br />
<br />
== Support QuickTun ==<br />
You can support QuickTun by spreading the word, reporting bugs, suggesting fixes, porting it to other platforms, packaging it for other distributions, and more. If you would like to make a financial donation, you may send some money to my PayPal account Ivo@UFO-Net.nl, via bitcoin to [bitcoin:13LJt54w2VD9WZQgBG6hGdmny26wg4jqEH?message=QuickTun%20donation 13LJt54w2VD9WZQgBG6hGdmny26wg4jqEH] or ask me for my address (cash) or bank account (IBAN, send me an e-mail).</div>Adminhttp://wiki.ucis.nl/index.php?title=Q-Signals_(fun)&diff=160Q-Signals (fun)2022-11-09T14:49:54Z<p>Admin: 1 revision imported</p>
<hr />
<div>These Q-Signals are mainly used by KU4A and DK1NY, but others adopted parts of it and contributed more signals to the list.<br />
<br />
== QBA ==<br />
*'''B'''uilding '''A'''ntennas<br />
Sven does this in winter. What a LID!<br />
<br />
== QBB ==<br />
*'''B'''ig '''B'''lue<br />
"Outta here to see the LIDs at the IBM club." Sven does this every monday.<br />
<br />
== QBG ==<br />
*'''B'''asketball '''G'''ame<br />
"Will be watching a basketball game. Gotta be back in 2 hrs."<br />
<br />
== QBV ==<br />
*'''B'''abe '''V'''isit<br />
Visiting a babe or even better: being visited by a babe. see QCB<br />
<br />
== QBW ==<br />
*'''B'''ottled '''W'''ater<br />
Volvic and Evian rules.<br />
<br />
== QCB ==<br />
*'''C'''all a '''B'''abe<br />
This means Bonnie for Chris and Mariska for Sven. See QBV<br />
<br />
== QCC ==<br />
*'''C'''leaning '''C'''up<br />
see QDD and QPC<br />
<br />
== QCH ==<br />
*'''C'''utting '''H'''air<br />
It simply has to be done. This is the 21st century, not 1968.<br />
<br />
== QCL ==<br />
*'''C'''all from a '''L'''ID<br />
Why is it that a cell phone is the only trx a LID can handle?<br />
<br />
== QDA ==<br />
*'''D'''octor '''A'''ppointment<br />
This is what Chris does, but Sven does it too...every couple of years.<br />
<br />
== QDD ==<br />
*'''D'''oing '''D'''ishes<br />
"'Cause a man's gotta do what a man's gotta do."<br />
<br />
== QDL ==<br />
*'''D'''oing '''L'''aundry<br />
If ya can't find a matching pair of clean socks, it's definately time for QDL.<br />
<br />
== QDP ==<br />
*'''D'''r. '''P'''epper<br />
Too bad it's not Jolt, but at least it contains some caffeine..<br />
<br />
== QDR ==<br />
*'''D'''aily '''R'''ussian<br />
"Need to work a chirpy UA LID."<br />
<br />
== QEA ==<br />
*'''E'''at tasty '''A'''nimals<br />
This is what Chris does. see QVO<br />
<br />
== QEW ==<br />
*'''E'''vil '''W'''eed<br />
It's not a drug, but a homeopathic product. Under the influence of weed, the space-time continuum extends by 500 percent. With permanent consumption of weed you can become 400 years old. :)<br />
"I'm out for smoking some weed."<br />
<br />
== QFB ==<br />
*'''F'''ixing '''B'''ugs<br />
Have ya ever seen a bug-less software? Nah? Me neither..<br />
<br />
== QFC ==<br />
*'''F'''eeding the '''C'''ats<br />
Sven does this twice a day. However, his two cats could always eat. (note: they prefer QEA, not QVO)<br />
<br />
== QFF ==<br />
*'''F'''resh '''F'''ruits<br />
"Gotta do something for my health." You can't start too early with that.<br />
<br />
== QFG ==<br />
*'''F'''ootball '''G'''ame<br />
"Am outta here for the next 3.5 hrs, watching cheerleaders."<br />
<br />
== QGB ==<br />
*'''G'''oing to '''B'''ed<br />
Even LIDs have to sleep. No matter how much QPC we had.<br />
<br />
== QGC ==<br />
*'''G'''eneric '''C'''ola<br />
I'm having some cola. Even Poopsi..err..Pepsi falls into this category. Unbelievable!<br />
<br />
== QGH ==<br />
*'''G'''oing '''H'''ome<br />
Have spent way too much time at the office. Home sweet home..I'm coming!<br />
<br />
== QGL ==<br />
*'''G'''lass of '''L'''emonade<br />
"Need to have some lemonade." see QMD and QPC<br />
<br />
== QGS ==<br />
*'''G'''rocery '''S'''tore<br />
Yet another source for QVO and QEA.<br />
<br />
== QGT ==<br />
*'''G'''reen '''T'''ea<br />
"After yet another day of stress, a nice cup of green tea is the correct drink.." This is what Sven does. Often in conjunction with QIS.<br />
<br />
== QHC ==<br />
*'''H'''ouse '''C'''leaning<br />
Annoying, but it has to be done.<br />
<br />
== QHG ==<br />
*'''H'''ockey '''G'''ame<br />
"Will be out for the next 150 minutes to watch some fights. Go Columbus go!"<br />
<br />
== QHS ==<br />
*'''H'''aving a '''S'''moke<br />
This is what Sven does. Tobacco is good, QEW even better.<br />
<br />
== QHW ==<br />
*'''H'''ot '''W'''ater<br />
"Gotta drink some hot water."<br />
<br />
== QIC ==<br />
*'''I'''ce '''C'''ream<br />
Yummy. Period.<br />
<br />
== QIS ==<br />
*'''I'''ncense '''S'''tick<br />
"Firing up an incense stick and going to praise Discordia, Goddess of Chaos." This is what Sven does. What a LID!<br />
<br />
== QIT ==<br />
*'''I'''ced '''T'''ea<br />
"Gonna have some iced tea." More QIT usually results in more QWC.<br />
<br />
== QKR ==<br />
*'''KR'''oger<br />
24/7 version of a QGS. Too bad there's no such thing in Old Europe. Poor Sven.<br />
<br />
== QLC ==<br />
*'''L'''iquid '''C'''rack<br />
I'm having an energy drink.<br />
<br />
== QLD ==<br />
*'''L'''id '''D'''inner<br />
"Will meet other LIDs for dinner."<br />
<br />
== QLL ==<br />
*'''L'''id '''L'''unch<br />
"Will meet other LIDs for lunch."<br />
<br />
== QLM ==<br />
*'''L'''istening to '''M'''usic<br />
Even LIDs can't listen to CW signals all day.<br />
<br />
== QMC ==<br />
*'''M'''afia '''C'''ake<br />
Italian meal, also known as "pizza". Can be QEA or QVO.<br />
<br />
== QMD ==<br />
*'''M'''ountain '''D'''ew<br />
see QGL and QPC<br />
<br />
== QMM ==<br />
*'''M'''aking '''M'''usic<br />
Sven did it almost every friday...and will do sometime in future.<br />
<br />
== QMS ==<br />
*'''M'''idnight '''S'''nack<br />
Can be QVO or QEA (and midnight UTC or local).<br />
<br />
== QMW ==<br />
*'''M'''icrowave '''W'''armup<br />
Warming up QPC with the enclosed resonant cavity excited by a 2.4GHz magnetron with motorized dialectric orientation device.<br />
<br />
== QOM ==<br />
*'''O'''pening '''M'''ail<br />
Separating bills and spam from the love letters.<br />
<br />
== QPC ==<br />
*'''P'''ot of '''C'''offee<br />
"If I don't get a coffee within the next 60 seconds, I'll prolly not survive the day." see QGL and QMD<br />
<br />
== QPM ==<br />
*putting the '''P'''edal to the '''M'''etal<br />
Life is too short for driving slow.<br />
<br />
== QTS ==<br />
*'''T'''ime for a '''S'''hower<br />
Common answer: "*sniff* thanks!"<br />
<br />
== QTV ==<br />
*'''T'''ele'''V'''ison<br />
Out for watching some TV.<br />
<br />
== QVO ==<br />
*'''V'''eggies '''O'''nly<br />
This is what Sven does. see QEA<br />
<br />
== QWB ==<br />
*'''W'''omen's '''B'''asketball<br />
*'''W'''atching '''B'''oobs<br />
<br />
== QWC ==<br />
*'''W'''ater '''C'''loset<br />
"To avoid having a wet chair, I'll be back in a few minutes."<br />
<br />
== QWM ==<br />
*'''W'''ork '''M'''eeting<br />
Do ya remember Dilbert?<br />
<br />
== QWT ==<br />
*'''W'''ont '''T'''ell<br />
Gentlemen don't talk about it.<br />
<br />
[[Category:GlobalTuners]]</div>Adminhttp://wiki.ucis.nl/index.php?title=Q-Signals&diff=158Q-Signals2022-11-09T14:49:54Z<p>Admin: 1 revision imported</p>
<hr />
<div>#REDIRECT [[Q-Signals (fun)]]</div>Adminhttp://wiki.ucis.nl/index.php?title=Projects/Software/TunTapIO/tuntap.c&diff=156Projects/Software/TunTapIO/tuntap.c2022-11-09T14:49:54Z<p>Admin: 1 revision imported</p>
<hr />
<div><pre><br />
/**********************************************************************<br />
* ttio - tun/tap to stdin/out proxy *<br />
* Written by: Ivo Smits <Ivo@UFO-Net.nl> *<br />
* *<br />
* Compile using: gcc tuntap.c -o ttio *<br />
* *<br />
* Based on PigeonWare (http://www.blug.linux.no/rfc1149/) *<br />
* *<br />
* Many thanks to: *<br />
* - http://www.blug.linux.no/rfc1149/ (must-see!) *<br />
* - http://linux.about.com/od/commands/l/blcmdl2_select.htm *<br />
* *<br />
**********************************************************************/<br />
<br />
#include <stdio.h><br />
#include <stdlib.h><br />
#include <string.h><br />
#include <fcntl.h><br />
#ifndef HAVE_NETINET_IN_H<br />
#include <netinet/in.h><br />
#endif<br />
<br />
#include <sys/ioctl.h><br />
#include <linux/if.h><br />
#include <linux/if_tun.h><br />
#include <linux/if_ether.h><br />
<br />
#include <errno.h><br />
#include <dirent.h> <br />
<br />
const char* TunTapDev = "/dev/net/tun";<br />
<br />
// The main program, this is where all the magic happens<br />
int main(int argc, char** argv) {<br />
int DumpStats = 1;<br />
int IncludePLen = 1;<br />
<br />
//Parse command line arguments<br />
if (argc > 1) {<br />
if (strcmp(argv[1], "-h") == 0) {<br />
fprintf(stderr, "ttio - tun/tap to stdio proxy\n");<br />
fprintf(stderr, "Usage: %s INTF [-tap|-tun] [CLEN] [-pi]\n", argv[0]);<br />
fprintf(stderr, " INTF: the name of the network interface\n");<br />
fprintf(stderr, " -tap: tap style ethernet tunnel (default)\n");<br />
fprintf(stderr, " -tun: point-to-point IP tunnel\n");<br />
fprintf(stderr, " CLEN: capture size (should be the same as the mtu, default: %d)\n", ETH_FRAME_LEN);<br />
fprintf(stderr, " -pi: include packet information\n");<br />
fprintf(stderr, "Note that the arguments should be in exactly THIS order.\n");<br />
fprintf(stderr, "Report bugs to <Ivo@UFO-Net.nl>\n");<br />
exit(0);<br />
}<br />
} else {<br />
//Application won't run without arguments<br />
fprintf(stderr, "Try: %s -h\n", argv[0]);<br />
exit(1);<br />
}<br />
<br />
struct ifreq ifr;<br />
//Clear the ifreq structure<br />
memset(&ifr, 0, sizeof(ifr));<br />
<br />
char dev[IFNAMSIZ] = "tap1"; //Interface name<br />
//Copy the interface name from the commandline<br />
strcpy(dev, argv[1]);<br />
strcpy(ifr.ifr_name, dev);<br />
<br />
//Initial capture length<br />
int CaptureLen = ETH_FRAME_LEN;<br />
<br />
{<br />
//Default to TAP interface, change only if --tun option is detected<br />
short ifrflags = IFF_TAP;<br />
if (argc > 2 && strcmp(argv[2], "-tun") == 0) {<br />
ifrflags = IFF_TUN;<br />
CaptureLen = ETH_DATA_LEN;<br />
}<br />
//Different capture length?<br />
if (argc > 3) CaptureLen = atoi(argv[3]);<br />
if (CaptureLen < 1) {<br />
fprintf(stderr, "Capture length %d invalid!\n", CaptureLen);<br />
exit(1);<br />
}<br />
fprintf(stderr, "Max packet length: %d\n", CaptureLen);<br />
//Include packet info in output?<br />
if (!(argc > 4 && strcmp(argv[4], "-pi") == 0)) ifrflags = ifrflags | IFF_NO_PI;<br />
//Set ifr flags<br />
ifr.ifr_flags = ifrflags;<br />
}<br />
<br />
#warning "Make sure that dbuf can hold all the captured data"<br />
register int Ret; //Return value<br />
int TunFD; //Tun/tap stream<br />
<br />
//Try to open the tun/tap device file, exit on failure<br />
fprintf(stderr, "Opening %s\n", TunTapDev);<br />
if ((TunFD = open(TunTapDev, O_RDWR)) < 0) {<br />
fprintf(stderr, "Failed to open %s: %d\n", TunTapDev, TunFD);<br />
exit(2);<br />
}<br />
<br />
//Request the interface and set its flags<br />
fprintf(stderr, "Requesting device: %s\n", dev);<br />
if (ioctl(TunFD, TUNSETIFF, (void *)&ifr) < 0 ) {<br />
fprintf(stderr, "ioctl for device name failed!\n");<br />
close(TunFD);<br />
exit(3);<br />
}<br />
<br />
//Just to make sure..?<br />
#warning "Do we really need to read the interface name back from the ifr structure?"<br />
strcpy(dev, ifr.ifr_name);<br />
fprintf(stderr, "Tunnel interface: %s\n", dev);<br />
<br />
#warning "Set the interfaces mtu to CaptureLength (-2 if Packet Info flag)"<br />
//Run the setup script<br />
{<br />
char syscmd[256];<br />
sprintf(syscmd, "./setup.sh %s", dev);<br />
fprintf(stderr, "Execute: %s\n", syscmd);<br />
system(syscmd);<br />
}<br />
<br />
fprintf(stderr, "Proxy ready for action!\n");<br />
<br />
fd_set fdsRead, fdsWrite; //FileDescriptor sets for select()<br />
unsigned char RBuf[CaptureLen], WBuf[CaptureLen]; //Data buffers<br />
int RBufLen = 0, WBufLen = 0; //Packet length<br />
int PLen;<br />
<br />
//Start an infinite loop<br />
while (1) {<br />
if (WBufLen < 0 || RBufLen < 0) {<br />
fprintf(stderr, "WBufLen < 0 or RBufLen < 0 :|\n");<br />
exit(2);<br />
}<br />
<br />
FD_ZERO(&fdsRead); //Clear FD set<br />
if (RBufLen == 0) FD_SET(TunFD, &fdsRead); //Add tunnel device file<br />
if (WBufLen == 0) FD_SET(0, &fdsRead); //Add stdin<br />
<br />
FD_ZERO(&fdsWrite); //Clear FD set<br />
if (WBufLen > 0) FD_SET(TunFD, &fdsWrite); //Add tunnel device file<br />
if (RBufLen > 0) FD_SET(1, &fdsWrite); //Add stdout<br />
<br />
if (select(TunFD + 1, &fdsRead, &fdsWrite, NULL, NULL) < 0) {<br />
if (errno == EAGAIN || errno == EINTR) {<br />
continue; //Retry select<br />
} else {<br />
fprintf(stderr, "An unhandled error occured in select: %d", errno);<br />
exit(5);<br />
}<br />
}<br />
<br />
//Read from tun/tap device file<br />
if (FD_ISSET(TunFD, &fdsRead) && RBufLen == 0) {<br />
RBufLen = read(TunFD, RBuf, CaptureLen);<br />
if (RBufLen == 0) {<br />
fprintf(stderr, "End of file on %s\n", TunTapDev);<br />
exit(0);<br />
} else if (RBufLen < 0) {<br />
fprintf(stderr, "Some error occured while reading from %s: %d\n", TunTapDev, RBufLen);<br />
exit(4);<br />
}<br />
if (DumpStats != 0) fprintf(stderr, "R: %d\n", RBufLen);<br />
}<br />
//Write to tun/tap device file<br />
if (FD_ISSET(TunFD, &fdsWrite) && WBufLen > 0) {<br />
write(TunFD, WBuf, WBufLen);<br />
if (DumpStats != 0) fprintf(stderr, "W: %d\n", WBufLen);<br />
WBufLen = 0;<br />
}<br />
<br />
//Read from stdin (FD 0)<br />
if (FD_ISSET(0, &fdsRead) && WBufLen == 0) {<br />
if (IncludePLen == 1) {<br />
WBufLen = read(0, &PLen, 4);<br />
}<br />
if (IncludePLen == 0 || PLen > CaptureLen) {<br />
PLen = CaptureLen;<br />
}<br />
if (IncludePLen == 0 || WBufLen > 0) {<br />
WBufLen = read(0, WBuf, PLen);<br />
}<br />
if (WBufLen == 0) {<br />
fprintf(stderr, "End of file on stdin\n");<br />
exit(0);<br />
} else if (WBufLen < 0) {<br />
fprintf(stderr, "Some error occured while reading stdin: %d\n", WBufLen);<br />
exit(4);<br />
}<br />
}<br />
//Write to stdout (FD 1)<br />
if (FD_ISSET(1, &fdsWrite) && RBufLen > 0) {<br />
if (IncludePLen == 1) write(1, &RBufLen, 4);<br />
write(1, RBuf, RBufLen);<br />
RBufLen = 0;<br />
}<br />
}<br />
}<br />
</pre></div>Adminhttp://wiki.ucis.nl/index.php?title=Projects/Software/TunTapIO/rawsock.c&diff=154Projects/Software/TunTapIO/rawsock.c2022-11-09T14:49:54Z<p>Admin: 1 revision imported</p>
<hr />
<div><pre><br />
/**********************************************************************<br />
* rsio - raw socket to stdin/out proxy *<br />
* Written by: Ivo Smits <Ivo@UFO-Net.nl> *<br />
* *<br />
* Compile using: gcc rawsock.c -o rsio *<br />
* *<br />
* Many thanks to: *<br />
* - http://www.blug.linux.no/rfc1149/ *<br />
* - http://linux.about.com/od/commands/l/blcmdl2_select.htm *<br />
* - http://bochs.sourceforge.net/ (the iodev/eth_linux.cc module) *<br />
* *<br />
**********************************************************************/<br />
<br />
#include <stdio.h><br />
#include <stdlib.h><br />
#include <string.h><br />
#include <fcntl.h><br />
#ifndef HAVE_NETINET_IN_H<br />
#include <netinet/in.h><br />
#endif<br />
<br />
#include <sys/ioctl.h><br />
<br />
#include <errno.h><br />
#include <dirent.h><br />
<br />
#include <errno.h><br />
#include <sys/types.h><br />
#include <sys/socket.h><br />
#include <netpacket/packet.h><br />
#include <netinet/in.h><br />
#include <net/ethernet.h><br />
#include <net/if.h><br />
#include <linux/types.h><br />
#include <linux/filter.h><br />
#include <linux/if_ether.h><br />
<br />
// The main program, this is where all the magic happens<br />
int main(int argc, char** argv) {<br />
int DumpStats = 1;<br />
int IncludePLen = 1;<br />
<br />
//Parse command line arguments<br />
if (argc > 1) {<br />
if (strcmp(argv[1], "-h") == 0) {<br />
fprintf(stderr, "rsio - raw socket to stdio proxy\n");<br />
fprintf(stderr, "Usage: %s INTF [-raw|-ip] [CLEN] [-prom]\n", argv[0]);<br />
fprintf(stderr, " INTF: the name of the network interface to connect to\n");<br />
fprintf(stderr, " -raw: raw ethernet communication (default)\n");<br />
fprintf(stderr, " -tun: IP level communication\n");<br />
fprintf(stderr, " CLEN: capture size (should be the same as the mtu, default: %d)\n", ETH_FRAME_LEN);<br />
fprintf(stderr, " -prom: enable promiscious mode (warning, won't be disabled)\n");<br />
fprintf(stderr, "Note that the arguments should be in exactly THIS order.\n");<br />
fprintf(stderr, "Report bugs to <Ivo@UFO-Net.nl>\n");<br />
exit(0);<br />
}<br />
} else {<br />
//Application won't run without arguments<br />
fprintf(stderr, "Try: %s -h\n", argv[0]);<br />
exit(1);<br />
}<br />
<br />
int sock; //The socket<br />
<br />
int CaptureLen = ETH_FRAME_LEN;<br />
{<br />
int linktype = 0; //Default to ethernet packets (0=ethernet, 1=IP)<br />
if (argc > 2 && strcmp(argv[2], "-ip") == 0) linktype = 1;<br />
<br />
if (linktype == 1) CaptureLen = ETH_DATA_LEN;<br />
<br />
//Different capture length?<br />
if (argc > 3) CaptureLen = atoi(argv[3]);<br />
if (CaptureLen < 1) {<br />
fprintf(stderr, "Capture length %d invalid!\n", CaptureLen);<br />
exit(1);<br />
}<br />
fprintf(stderr, "Max packet length: %d\n", CaptureLen);<br />
<br />
//Open the socket!<br />
int socktype, sockproto;<br />
#warning "ToDo: add some more protocols from /usr/include/linux/if_ether.h!"<br />
if (linktype == 1) {<br />
fprintf(stderr, "Warning: IP mode does not catch sent packets!\n");<br />
#warning "IP mode does not catch sent packets!"<br />
socktype = SOCK_DGRAM;<br />
sockproto = htons(ETH_P_IP);<br />
} else {<br />
socktype = SOCK_RAW;<br />
sockproto = htons(ETH_P_ALL);<br />
}<br />
if ((sock = socket(PF_PACKET, socktype, sockproto)) == -1) {<br />
fprintf(stderr, "Failed to create socket: %s\n", strerror(errno));<br />
exit(1);<br />
}<br />
}<br />
<br />
//Bind to given interface by name<br />
{<br />
const char *dev; //Device to connect to<br />
strcpy(dev, argv[1]);<br />
<br />
//Translate interface name to index<br />
struct ifreq ifr;<br />
memset(&ifr, 0, sizeof(ifr));<br />
strcpy(ifr.ifr_name, dev);<br />
if (ioctl(sock, SIOCGIFINDEX, &ifr) == -1) {<br />
fprintf(stderr, "Failed to get index for interface: '%s'\n", dev);<br />
close(sock);<br />
exit(1);<br />
}<br />
<br />
// Bind to given interface<br />
struct sockaddr_ll sll;<br />
memset(&sll, 0, sizeof(sll));<br />
sll.sll_family = AF_PACKET;<br />
sll.sll_ifindex = ifr.ifr_ifindex;<br />
if (bind(sock, (struct sockaddr *)&sll, (socklen_t)sizeof(sll)) == -1) {<br />
fprintf(stderr, "Could not bind to interface '%s': %s\n", dev, strerror(errno));<br />
close(sock);<br />
exit(1);<br />
}<br />
<br />
#warning "Disable promiscious mode on exit! (signal handler?)"<br />
if (argc > 5 && strcmp(argv[5], "-prom") == 0) {<br />
register int Ret;<br />
if (Ret = ioctl(sock, SIOCGIFFLAGS, &ifr) == -1) {<br />
fprintf(stderr, "Failed to get interface flags: '%s'\n", Ret);<br />
close(sock);<br />
exit(1);<br />
}<br />
ifr.ifr_flags |= IFF_PROMISC;<br />
if (ioctl(sock, SIOCSIFFLAGS, &ifr) == -1) {<br />
fprintf(stderr, "Failed to set interface flags for promisc mode: '%s'\n", Ret);<br />
close(sock);<br />
exit(1);<br />
}<br />
fprintf(stderr, "Promiscious mode enabled!\n");<br />
}<br />
}<br />
<br />
fprintf(stderr, "Proxy ready for action!\n");<br />
<br />
fd_set fdsRead, fdsWrite; //FileDescriptor sets for select()<br />
unsigned char RBuf[CaptureLen], WBuf[CaptureLen]; //Data buffers<br />
int RBufLen = 0, WBufLen = 0; //Packet length<br />
int PLen;<br />
<br />
//Start an infinite loop<br />
while (1) {<br />
if (WBufLen < 0 || RBufLen < 0) {<br />
fprintf(stderr, "WBufLen < 0 or RBufLen < 0 :|\n");<br />
exit(2);<br />
}<br />
<br />
FD_ZERO(&fdsRead); //Clear FD set<br />
if (RBufLen == 0) FD_SET(sock, &fdsRead); //Add socket<br />
if (WBufLen == 0) FD_SET(0, &fdsRead); //Add stdin<br />
<br />
FD_ZERO(&fdsWrite); //Clear FD set<br />
if (WBufLen > 0) FD_SET(sock, &fdsWrite); //Add socket<br />
if (RBufLen > 0) FD_SET(1, &fdsWrite); //Add stdout<br />
<br />
if (select(sock + 1, &fdsRead, &fdsWrite, NULL, NULL) < 0) {<br />
if (errno == EAGAIN || errno == EINTR) {<br />
continue; //Retry select<br />
} else {<br />
fprintf(stderr, "An unhandled error occured in select: %d", errno);<br />
exit(5);<br />
}<br />
}<br />
<br />
//Read from socket<br />
if (FD_ISSET(sock, &fdsRead) && RBufLen == 0) {<br />
RBufLen = read(sock, RBuf, CaptureLen);<br />
if (RBufLen == 0) {<br />
fprintf(stderr, "End of file on socket\n");<br />
exit(0);<br />
} else if (RBufLen < 0) {<br />
fprintf(stderr, "Some error occured while reading from socket: %d\n", RBufLen);<br />
exit(4);<br />
}<br />
if (DumpStats != 0) fprintf(stderr, "R: %d\n", RBufLen);<br />
}<br />
//Write to socket<br />
if (FD_ISSET(sock, &fdsWrite) && WBufLen > 0) {<br />
write(sock, WBuf, WBufLen);<br />
if (DumpStats != 0) fprintf(stderr, "W: %d\n", WBufLen);<br />
WBufLen = 0;<br />
}<br />
<br />
//Read from stdin (FD 0)<br />
if (FD_ISSET(0, &fdsRead) && WBufLen == 0) {<br />
if (IncludePLen == 1) {<br />
WBufLen = read(0, &PLen, 4);<br />
}<br />
if (IncludePLen == 0 || PLen > CaptureLen) {<br />
PLen = CaptureLen;<br />
}<br />
if (IncludePLen == 0 || WBufLen > 0) {<br />
WBufLen = read(0, WBuf, PLen);<br />
}<br />
if (WBufLen == 0) {<br />
fprintf(stderr, "End of file on stdin\n");<br />
exit(0);<br />
} else if (WBufLen < 0) {<br />
fprintf(stderr, "Some error occured while reading stdin: %d\n", WBufLen);<br />
exit(4);<br />
}<br />
}<br />
//Write to stdout (FD 1)<br />
if (FD_ISSET(1, &fdsWrite) && RBufLen > 0) {<br />
if (IncludePLen == 1) write(1, &RBufLen, 4);<br />
write(1, RBuf, RBufLen);<br />
RBufLen = 0;<br />
}<br />
}<br />
}<br />
</pre></div>Adminhttp://wiki.ucis.nl/index.php?title=Projects/Software/TunTapIO/pcap_rsend.c&diff=152Projects/Software/TunTapIO/pcap rsend.c2022-11-09T14:49:54Z<p>Admin: 1 revision imported</p>
<hr />
<div><pre><br />
/**********************************************************************<br />
* rsfio - filtered raw socket to stdin/out proxy *<br />
* Written by: Ivo Smits <Ivo@UFO-Net.nl> *<br />
* *<br />
* Compile using: gcc pcap_rsend.c -o lpcsio -lpcap -pthread *<br />
* *<br />
* Many thanks to: *<br />
* - http://www.blug.linux.no/rfc1149/ *<br />
* - http://linux.about.com/od/commands/l/blcmdl2_select.htm *<br />
* - http://www.linuxjournal.com/article/4659 *<br />
* - http://www.tcpdump.org/pcap.htm *<br />
* - http://www.winpcap.org/docs/man/html/ *<br />
* - http://www.tcpdump.org/lists/workers/2005/06/msg00102.html *<br />
* - http://www.llnl.gov/computing/tutorials/pthreads/ *<br />
* *<br />
**********************************************************************/<br />
<br />
#include <pthread.h><br />
<br />
#include <stdio.h><br />
#include <stdlib.h><br />
#include <string.h><br />
#include <fcntl.h> <br />
#ifndef HAVE_NETINET_IN_H<br />
#include <netinet/in.h><br />
#endif<br />
<br />
#include <sys/ioctl.h><br />
<br />
#include <errno.h><br />
#include <dirent.h><br />
<br />
#include <errno.h><br />
#include <sys/types.h><br />
#include <sys/socket.h><br />
#include <netpacket/packet.h><br />
#include <netinet/in.h><br />
#include <net/ethernet.h><br />
#include <net/if.h><br />
#include <linux/types.h><br />
#include <linux/filter.h><br />
#include <linux/if_ether.h><br />
<br />
#include <pcap.h><br />
<br />
pthread_t SendThread;<br />
int SendSock;<br />
<br />
int CaptureLen = ETH_FRAME_LEN;<br />
int DumpStats = 1;<br />
int IncludePLen = 1;<br />
<br />
void got_packet(u_char *args, const struct pcap_pkthdr *header, const u_char *packet);<br />
void *SendLoop(void *arg);<br />
<br />
// The main program, this is where all the magic happens<br />
int main(int argc, char** argv) {<br />
//Parse command line arguments<br />
if (argc > 1) {<br />
if (strcmp(argv[1], "-h") == 0 || strcmp(argv[1], "--help") == 0) {<br />
fprintf(stderr, "rsio - raw socket to stdio proxy\n");<br />
fprintf(stderr, "Usage: %s INTF [CLEN] [FILTR]\n", argv[0]);<br />
fprintf(stderr, " INTF: the name of the network interface to connect to\n");<br />
fprintf(stderr, " CLEN: capture size (should be the same as the mtu, default: %d)\n", ETH_FRAME_LEN);<br />
fprintf(stderr, " FILTR: tcpdump style filter expression (man tcpdump)\n");<br />
fprintf(stderr, "Note that the arguments should be in exactly THIS order.\n");<br />
fprintf(stderr, "Report bugs to <Ivo@UFO-Net.nl>\n");<br />
exit(0);<br />
}<br />
} else {<br />
//Application won't run without arguments<br />
//fprintf(stderr, "Try: %s -h\n", argv[0]);<br />
//exit(1);<br />
}<br />
<br />
//Different capture length?<br />
if (argc > 2) CaptureLen = atoi(argv[2]);<br />
if (CaptureLen < 1) {<br />
fprintf(stderr, "Capture length %d invalid!\n", CaptureLen);<br />
exit(1);<br />
}<br />
fprintf(stderr, "Max packet length: %d\n", CaptureLen);<br />
<br />
char *dev, errbuf[PCAP_ERRBUF_SIZE];<br />
<br />
if (argc > 1) {<br />
dev = argv[1];<br />
} else {<br />
if ((dev = pcap_lookupdev(errbuf)) == NULL) {<br />
fprintf(stderr, "Couldn't find default device: %s\n", errbuf);<br />
exit(1);<br />
}<br />
}<br />
fprintf(stderr, "Device: %s\n", dev);<br />
<br />
pcap_t *pcap;<br />
if ((pcap = pcap_open_live(dev, CaptureLen, 1, 0, errbuf)) == NULL) {<br />
fprintf(stderr, "Couldn't open device: %s\n", errbuf);<br />
exit(1);<br />
}<br />
<br />
if (argc > 3) {<br />
fprintf(stderr, "Filter: %s\n", argv[3]);<br />
struct bpf_program *bpfprog;<br />
if (pcap_compile(pcap, &bpfprog, argv[3], 0, 0) == -1) {<br />
fprintf(stderr, "Couldn't compile filter: %s\n", pcap_geterr(pcap));<br />
exit(1);<br />
}<br />
<br />
if (pcap_setfilter(pcap, &bpfprog) == -1) {<br />
fprintf(stderr, "Couldn't install filter: %s\n", pcap_geterr(pcap));<br />
exit(1);<br />
}<br />
}<br />
<br />
int Ret;<br />
<br />
if ((SendSock = socket(PF_PACKET, SOCK_RAW, htons(ETH_P_ALL))) == -1) {<br />
fprintf(stderr, "Failed to create socket: %s\n", strerror(errno));<br />
exit(1);<br />
}<br />
//Bind to given interface by name<br />
{<br />
//Translate interface name to index<br />
struct ifreq ifr;<br />
memset(&ifr, 0, sizeof(ifr));<br />
strcpy(ifr.ifr_name, dev);<br />
if (ioctl(SendSock, SIOCGIFINDEX, &ifr) == -1) {<br />
fprintf(stderr, "Failed to get index for interface: '%s'\n", dev);<br />
close(SendSock);<br />
exit(1);<br />
}<br />
<br />
// Bind to given interface<br />
struct sockaddr_ll sll;<br />
memset(&sll, 0, sizeof(sll));<br />
sll.sll_family = AF_PACKET;<br />
sll.sll_ifindex = ifr.ifr_ifindex;<br />
if (bind(SendSock, (struct sockaddr *)&sll, (socklen_t)sizeof(sll)) == -1) {<br />
fprintf(stderr, "Could not bind to interface '%s': %s\n", dev, strerror(errno));<br />
close(SendSock);<br />
exit(1);<br />
}<br />
<br />
struct sock_filter BPF_code[]= {{ 0x6, 0, 0, 0x00000000 }};<br />
struct sock_fprog Filter; <br />
<br />
Filter.len = 1;<br />
Filter.filter = BPF_code;<br />
<br />
/* Attach the filter to the socket */<br />
if (setsockopt(SendSock, SOL_SOCKET, SO_ATTACH_FILTER, &Filter, sizeof(Filter)) < 0) {<br />
fprintf(stderr, "Failed to attach filter...");<br />
}<br />
}<br />
<br />
if (Ret = pthread_create(&SendThread, NULL, SendLoop, NULL)) {<br />
fprintf(stderr, "Failed to create thread: %d\n", Ret);<br />
exit(1);<br />
}<br />
<br />
fprintf(stderr, "Starting capture!\n");<br />
pcap_loop(pcap, -1, got_packet, NULL);<br />
<br />
fprintf(stderr, "PCap finished: shutting down!\n");<br />
pcap_close(pcap);<br />
<br />
//pthread_kill(SendThread, SIG_KILL);<br />
}<br />
<br />
void got_packet(u_char *args, const struct pcap_pkthdr *header, const u_char *packet) {<br />
if (DumpStats != 0) fprintf(stderr, "R: %d\n", header->caplen);<br />
if (IncludePLen == 1) write(1, &header->caplen, 4);<br />
write(1, packet, header->caplen);<br />
}<br />
<br />
void *SendLoop(void *arg) {<br />
unsigned char WBuf[CaptureLen]; //Data buffers<br />
int WBufLen = 0; //Packet length<br />
int PLen;<br />
<br />
//Start an infinite loop<br />
while (1) {<br />
//Read from stdin (FD 0)<br />
if (IncludePLen == 1) {<br />
WBufLen = read(0, &PLen, 4);<br />
}<br />
if (IncludePLen == 0 || PLen > CaptureLen) {<br />
PLen = CaptureLen;<br />
}<br />
if (IncludePLen == 0 || WBufLen > 0) {<br />
WBufLen = read(0, WBuf, PLen);<br />
}<br />
if (WBufLen == 0) {<br />
fprintf(stderr, "End of file on stdin\n");<br />
exit(0);<br />
} else if (WBufLen < 0) {<br />
fprintf(stderr, "Some error occured while reading stdin: %d\n", WBufLen);<br />
exit(1);<br />
}<br />
<br />
//Write to socket<br />
write(SendSock, WBuf, WBufLen);<br />
if (DumpStats != 0) fprintf(stderr, "W: %d\n", WBufLen);<br />
}<br />
}<br />
</pre></div>Adminhttp://wiki.ucis.nl/index.php?title=Projects/Software/TunTapIO/pcap.c&diff=150Projects/Software/TunTapIO/pcap.c2022-11-09T14:49:54Z<p>Admin: 1 revision imported</p>
<hr />
<div><pre><br />
/**********************************************************************<br />
* rsfio - filtered raw socket to stdin/out proxy *<br />
* Written by: Ivo Smits <Ivo@UFO-Net.nl> *<br />
* *<br />
* Compile using: gcc pcap.c -o lpcio -lpcap *<br />
* *<br />
* Many thanks to: *<br />
* - http://www.blug.linux.no/rfc1149/ *<br />
* - http://linux.about.com/od/commands/l/blcmdl2_select.htm *<br />
* - http://www.linuxjournal.com/article/4659 *<br />
* - http://www.tcpdump.org/pcap.htm *<br />
* - http://www.winpcap.org/docs/man/html/ *<br />
* - http://www.tcpdump.org/lists/workers/2005/06/msg00102.html *<br />
* *<br />
**********************************************************************/<br />
<br />
#include <stdio.h><br />
#include <stdlib.h><br />
#include <string.h><br />
#include <fcntl.h> <br />
#ifndef HAVE_NETINET_IN_H<br />
#include <netinet/in.h><br />
#endif<br />
<br />
#include <sys/ioctl.h><br />
<br />
#include <errno.h><br />
#include <dirent.h><br />
<br />
#include <errno.h><br />
#include <sys/types.h><br />
#include <sys/socket.h><br />
#include <netpacket/packet.h><br />
#include <netinet/in.h><br />
#include <net/ethernet.h><br />
#include <net/if.h><br />
#include <linux/types.h><br />
#include <linux/filter.h><br />
#include <linux/if_ether.h><br />
<br />
#include <pcap.h><br />
<br />
int DumpStats = 1;<br />
int IncludePLen = 1;<br />
<br />
void got_packet(u_char *args, const struct pcap_pkthdr *header, const u_char *packet);<br />
<br />
// The main program, this is where all the magic happens<br />
int main(int argc, char** argv) {<br />
<br />
//Parse command line arguments<br />
if (argc > 1) {<br />
if (strcmp(argv[1], "-h") == 0 || strcmp(argv[1], "--help") == 0) {<br />
fprintf(stderr, "rsio - raw socket to stdio proxy\n");<br />
fprintf(stderr, "Usage: %s INTF [CLEN] [FILTR]\n", argv[0]);<br />
fprintf(stderr, " INTF: the name of the network interface to connect to\n");<br />
fprintf(stderr, " CLEN: capture size (should be the same as the mtu, default: %d)\n", ETH_FRAME_LEN);<br />
fprintf(stderr, " FILTR: tcpdump style filter expression (man tcpdump)\n");<br />
fprintf(stderr, "Note that the arguments should be in exactly THIS order.\n");<br />
fprintf(stderr, "Report bugs to <Ivo@UFO-Net.nl>\n");<br />
exit(0);<br />
}<br />
} else {<br />
//Application won't run without arguments<br />
//fprintf(stderr, "Try: %s -h\n", argv[0]);<br />
//exit(1);<br />
}<br />
<br />
int CaptureLen = ETH_FRAME_LEN;<br />
//Different capture length?<br />
if (argc > 2) CaptureLen = atoi(argv[2]);<br />
if (CaptureLen < 1) {<br />
fprintf(stderr, "Capture length %d invalid!\n", CaptureLen);<br />
exit(1);<br />
}<br />
fprintf(stderr, "Max packet length: %d\n", CaptureLen);<br />
<br />
char *dev, errbuf[PCAP_ERRBUF_SIZE];<br />
<br />
if (argc > 1) {<br />
dev = argv[1];<br />
} else {<br />
if ((dev = pcap_lookupdev(errbuf)) == NULL) {<br />
fprintf(stderr, "Couldn't find default device: %s\n", errbuf);<br />
exit(1);<br />
}<br />
}<br />
fprintf(stderr, "Device: %s\n", dev);<br />
<br />
pcap_t *pcap;<br />
if ((pcap = pcap_open_live(dev, CaptureLen, 1, 0, errbuf)) == NULL) {<br />
fprintf(stderr, "Couldn't open device: %s\n", errbuf);<br />
exit(1);<br />
}<br />
<br />
if (argc > 3) {<br />
fprintf(stderr, "Filter: %s\n", argv[3]);<br />
struct bpf_program *bpfprog;<br />
if (pcap_compile(pcap, &bpfprog, argv[3], 0, 0) == -1) {<br />
fprintf(stderr, "Couldn't compile filter: %s\n", pcap_geterr(pcap));<br />
exit(1);<br />
}<br />
<br />
if (pcap_setfilter(pcap, &bpfprog) == -1) {<br />
fprintf(stderr, "Couldn't install filter: %s\n", pcap_geterr(pcap));<br />
exit(1);<br />
}<br />
}<br />
<br />
fprintf(stderr, "Starting capture!\n");<br />
pcap_loop(pcap, -1, got_packet, NULL);<br />
<br />
fprintf(stderr, "PCap finished: shutting down!\n");<br />
pcap_close(pcap);<br />
}<br />
<br />
void got_packet(u_char *args, const struct pcap_pkthdr *header, const u_char *packet) {<br />
if (DumpStats != 0) fprintf(stderr, "R: %d\n", header->caplen);<br />
if (IncludePLen == 1) write(1, &header->caplen, 4);<br />
write(1, packet, header->caplen);<br />
}<br />
</pre></div>Adminhttp://wiki.ucis.nl/index.php?title=Projects/Software/TunTapIO&diff=148Projects/Software/TunTapIO2022-11-09T14:49:54Z<p>Admin: 1 revision imported</p>
<hr />
<div>== Description ==<br />
<br />
This page is about some C-applications I wrote to forward data between stdin/out and a tun/tap network interface, a raw socket, or even libpcal (on Linux!). This can be used to bridge network interfaces, bridge a tap interface to some other real interface (and then request a second IP by DHCP, with another MAC address, from the same machine!), or even to build your own VPN (using some other program like netcat). It may also be used for testing purposes and as an easy interface to some network libraries from your own application.<br />
<br />
== Sourcecode ==<br />
<br />
[[Projects/Software/TunTapIO/tuntap.c|tuntap.c]] - tun/tap interface<br />
<br />
[[Projects/Software/TunTapIO/rawsock.c|rawsock.c]] - Raw socket interface<br />
<br />
[[Projects/Software/TunTapIO/pcap.c|pcap.c]] - libpcap interface (CAN NOT send data)<br />
<br />
[[Projects/Software/TunTapIO/pcap_rsend.c|pcap_rsend.c]] - libpcap interface (sends data using a raw socket)<br />
<br />
== How to use ==<br />
<br />
Connect a tap device to another network interface:<br />
mknod net ##Create a named pipe<br />
./rsio eth0 -raw < net 2>/dev/null | ./ttio tap0 -tap > net 2>/dev/null ##Start the applications<br />
<br />
Build your own VPN (run this on both computers):<br />
## INSTALL NETCAT ON BOTH MACHINES!<br />
<br />
## On the server:<br />
nc -lp 9990 | ./ttio testdev --tap 1500 | nc -lp 9991<br />
<br />
## On the client:<br />
nc SERVER_NAME_OR_IP 9990 | ./ttio testdev --tap 1500 | nc SERVER_NAME_OR_IP 9991</div>Adminhttp://wiki.ucis.nl/index.php?title=Projects&diff=146Projects2022-11-09T14:49:54Z<p>Admin: 1 revision imported</p>
<hr />
<div>== Software ==<br />
<br />
* [[Projects/Software/TunTapIO|TunTapIO]] - packet interface to some linux network components<br />
* [[IRCRelay]] - IRC relay software to link (multiple) channels on (different) IRC servers<br />
* [[VANet]] - The Very Anonymous NETwork<br />
* [[QuickTun]] - Very secure, yet simple VPN tunnel software<br />
* [[VNE]] - Virtual Network Environment, a complete TCP/IP/Ethernet implementation in C#<br />
* [[Peer2Cloud]] - Secure, decentralized, peer2peer, anonymous, cloud VPN network (design phase)<br />
* [[UDPMSG3]] - A protocol for encoding chat messages<br />
* [[NaCl]] - Various ports of the NaCl cryptography library, originally by D.J. Bernstein<br />
* [[pNewss]] - Simple and lightweight NNTP server</div>Adminhttp://wiki.ucis.nl/index.php?title=Peer2Cloud&diff=142Peer2Cloud2022-11-09T14:49:53Z<p>Admin: 1 revision imported</p>
<hr />
<div>=== Design decisions ===<br />
# Route discovery on demand, instead of route announcements<br />
# Explicit per packet, source specified route<br />
# End to end NaCl encryption<br />
# Loop detection based on NaCl public keys<br />
# Supports many different types of addresses and protocols, including IPv4 and IPv6<br />
<br />
=== Other features ===<br />
* Cheap source specified routing (just one byte per hop)<br />
* Optional load balancing over multiple routes (will also reduce the impact of a failing route)<br />
* Broken routes are not detected, and thus not used (the discovery has to travel the entire path in both directions)<br />
* Allows for meshes of any form to be built<br />
* No "broadcast" traffic resulting from route announcements<br />
* No more ghost routes<br />
* Actual network topology is mostly hidden from anybody in the network<br />
* Individual IP addresses are authenticated using NaCl public key cryptography<br />
<br />
=== Limitations ===<br />
* Maximum of 255 hops<br />
* Need for broadcasts for route discovery<br />
* Discovery packets are rather large<br />
* Data broadcast packets tend to get rather large because of the key based loop detection<br />
<br />
<br />
<br />
=== Protocol spec (alpha version) ===<br />
<br />
P2P cloud protocol<br />
<br />
* After a Resource Discovery, the IP address and remote private key are cached<br />
* During renewals, the lookup targets the remote private key, the IP address is not queried again<br />
* If multiple private keys announce the same IP address, the IP address should be blocked, until administrator intervention has occured<br />
* Data packets may be encrypted end-to-end (recommended)<br />
* Resource and path discovery packets have a small encrypted data field to verify authenticy of the key<br />
* All packets may be encrypted between peers, but this is not required<br />
* Resource lookups include IPv4 addresses, IPv6 addresses, IPX addresses, and other resources for which recurring communications are useful<br />
* Actual data packets are routed as specified by the originator.<br />
<br />
Routes are specified using local peer ID numbers, these consist of 1 octet per peer, and are meaningful only to a specific node<br />
* It's meaning is comparable to a port number on an ethernet switch<br />
* A local peer ID must be unique within the context of one node<br />
* A local peer ID should not be reused for another peer within a certain time interval<br />
* A local peer may have multiple local peer IDs to hide the network topology<br />
* A node may insert artificial peer IDs to hide the network topology, but this must be done sparingly!<br />
* A node may insert additional peer IDs, if it has more than 255 peers, it can simply use two octets as a 16 bit integer, and pretend to be 2 nodes<br />
* Route specifications for a certain path are usually different in both directions!<br />
* The source of a route lookup may add a one or two octet session identifier, that it associates with the remote public key<br />
<br />
Packet type<br />
# Resource discovery - origin resource, destination resource, trace, keys<br />
# Route discovery - key, trace, keys<br />
# Route confirmation - route, trace<br />
# Route ping - route, trace, data<br />
# Route pong - route, data<br />
# Data - route, data<br />
# Broadcast data - destination resource, keys<br />
<br />
Packet contents<br />
* Flags / Type - Packet type code<br />
* Origin resource (type, value) - Resource that originated a resource discovery<br />
* Destination resource (type, value)- The resource to discover<br />
* Key - The key to discover, or the key that was discovered in a resource discovery<br />
* Route (length, values) - list of peer IDs (bytes), which specifies the intended route<br />
* Trace (length, values) - list of peer IDs (bytes), which specifies the traced route (in a trace/discovery request)<br />
* Keys (count, values) - list of unique keys to prevent loops (in broadcasts)<br />
* Data<br />
<br />
Initializing communication with another node consists of a few steps:<br />
# Path discovery, either:<br />
## Resource discovery - if the remote public key is not known<br />
## Path discovery - if the remote public key is known<br />
# Reverse path confirmation<br />
* Both ends cache the discovered paths, and should regularly verify the known paths (PING).<br />
* Either end may at any time request a new path discovery, if it has insufficient routes, or simply to detect possibly faster/better paths.<br />
<br />
Resource discovery<br />
# The initiator broadcasts a 'Resource discovery' packet to all it's peers<br />
#* Type = resource discovery<br />
#* Optional: Origin resource = initiator resource<br />
#* Destination resource = resource to locate<br />
#* Route = [ initiator session ID ]<br />
#* Keys = [ initiator public key ]<br />
# On reception, a node checks whether it serves the requested resource<br />
## If so:<br />
### It creates a session for the initiator public key (if it does not already exist)<br />
### It adds the traced route to the list of routes for that session<br />
### It sends a Reverse path confirmation via the traced route:<br />
###* Type = route confirmation<br />
###* Origin resource = located resource<br />
###* Key = located public key<br />
###* Route = [ local session ID ]<br />
## If not:<br />
### It checks whether it's key is listed in the Keys field, if so, the packet is discarded<br />
### If the Route field has reached 255 entries, the packet is discarded<br />
### It adds the local peer ID of the sending peer to the Route, and it's local key to Keys<br />
### It broadcasts the packet to all of it's peers (except the sending peer)<br />
### Step 2 repeats<br />
<br />
Path discovery<br />
* This is used when looking for a public key.<br />
* After a resource discovery, the located public key should be cached, and can be re-used in a path discovery.<br />
* The procedure is very similar to the Resource discovery<br />
<br />
== Alternative less promiscuous protocol ==<br />
A sends to X:<br />
A sends discovery to peers B and C, hopcount=1<br />
B sends discovery to C and D, hopcount = 2<br />
C sends discovery to B and D, hopcount = 2<br />
C ignores discovery from B (higher hopcount)<br />
B ignores discovery from C (higher hopcount)<br />
D sends discovery to X (hopcount=3)<br />
D ignores second discovery (time out)<br />
X answers D (hopcount=1, return=4)<br />
D answers B (hopcount=2, return=4), request from B arrived first with equal hopcount<br />
B answers A (hopcount=3, return=4), request from A arrived with lowest hopcount</div>Adminhttp://wiki.ucis.nl/index.php?title=PNewss&diff=140PNewss2022-11-09T14:49:53Z<p>Admin: 1 revision imported</p>
<hr />
<div>pNewss is a NNTP news server written in PHP: the PHP News Server. It's simple (less than thousand lines of code), lightweight (no daemon or big caches needed), not too slow, and backed by your favourite database engine (MySQL, SQLite, etc).<br />
<br />
pNewss currently support all required commands as a server (including POST and IHAVE, to support feeding from other servers). It supports all required commands as a client (to feed from/to other servers), although some improvements are possible to speed things up.<br />
<br />
The sourcecode is available from http://oss.ucis.nl/hg/pnewss/.</div>Adminhttp://wiki.ucis.nl/index.php?title=NaCl/Windows&diff=138NaCl/Windows2022-11-09T14:49:53Z<p>Admin: 2 revisions imported</p>
<hr />
<div>To use [[NaCl]] cryptography on Windows, there are two options:<br />
# Use a [[NaCl#C.23_.2F_.Net_implementation|C#/.Net port]]<br />
# Compile the original NaCl code on Windows<br />
<br />
A native compile of the original sourcecode will usually give the best results in terms of speed and resemblance to the original library. To make compiling NaCl on windows somewhat less painful, I've written a shellscript that extracts/creates all files needed, including a VS.Net/VisualC++.Net 9 project file.<br />
<br />
Note that currently the build script does not support any platform specific optimized implementations of the cryptographic primitives. As a result, performance is usually comparable to or worse than the performance of the C#/.Net code.<br />
<br />
The script currently compiles all reference implementations, but only exports a limited set. If anything you need is not exported, this is easy to change by editing the .def file.<br />
<br />
The output of this script may also be useful to build the NaCl code for other previously unsupported platforms. It creates a file names sources.lst, which lists all the C source code files to compile. Don't forget to add the (generated) includes directory to the include path.<br />
<br />
<pre>#!/bin/sh -e<br />
top="`pwd`/build/windows"<br />
include="$top/include"<br />
source="$top/source"<br />
<br />
export LANG=C<br />
<br />
rm -rf "$top"<br />
mkdir -p "$top"<br />
mkdir -p "$include"<br />
mkdir -p "$source"<br />
<br />
cp "randombytes/devurandom.h" "$include/randombytes.h"<br />
(<br />
echo "#include <windows.h>"<br />
echo "#include <Wincrypt.h>"<br />
echo "#pragma comment(lib, \"crypt32.lib\")"<br />
echo "void randombytes(unsigned char * a,unsigned long long c) {"<br />
echo "HCRYPTPROV hProvider = 0;"<br />
echo "while (1) {"<br />
echo "if (!CryptAcquireContextW(&hProvider, 0, 0, PROV_RSA_FULL, CRYPT_VERIFYCONTEXT | CRYPT_SILENT)) { Sleep(1); continue; }"<br />
echo "if (!CryptGenRandom(hProvider, (DWORD)c, (BYTE*)a)) { CryptReleaseContext(hProvider, 0); Sleep(1); continue; }"<br />
echo "CryptReleaseContext(hProvider, 0);"<br />
echo "break;"<br />
echo "}"<br />
echo "}"<br />
) > "$source/randombytes.c"<br />
echo "source/randombytes.c" > "$top/sources.lst"<br />
<br />
macros=`cat MACROS`<br />
prototypesc=`cat PROTOTYPES.c`<br />
prototypescpp=`cat PROTOTYPES.cpp`<br />
cat OPERATIONS | while read o<br />
do<br />
[ -d "$o" ] || continue<br />
ls "$o" | sort | while read p<br />
do<br />
[ -d "$o/$p" ] || continue<br />
[ -f "$o/$p/used" ] || continue<br />
op="${o}_${p}"<br />
doth="$o/$p/ref/api.h"<br />
implementationdir=`dirname $doth`<br />
opi=`echo "$implementationdir" | tr ./- ___`<br />
language=c<br />
echo "$op"<br />
(<br />
to="${source}/${op}"<br />
mkdir -p "$to"<br />
cd "$implementationdir"<br />
cfiles=`ls | grep '\.c$' || :`<br />
sfiles=`ls | grep '\.[sS]$' || :`<br />
(<br />
echo "#ifndef ${o}_H"<br />
echo "#define ${o}_H"<br />
echo ""<br />
echo "#include \"${op}.h\""<br />
echo ""<br />
echo "$macros" | egrep "${o}"'$|'"${o}"'\(|'"${o}"'_' | sed "s/$o/$op/" | while read mop<br />
do<br />
echo "#define ${mop} ${mop}" | sed "s/$op/$o/"<br />
done<br />
echo "#define ${o}_PRIMITIVE \"${p}\""<br />
echo "#define ${o}_IMPLEMENTATION ${op}_IMPLEMENTATION"<br />
echo "#define ${o}_VERSION ${op}_VERSION"<br />
echo ""<br />
echo "#endif"<br />
) > "${to}/${o}.h"<br />
(<br />
echo "#ifndef ${op}_H"<br />
echo "#define ${op}_H"<br />
echo ""<br />
sed 's/[ ]CRYPTO_/ '"${opi}"'_/g' < api.h<br />
echo '#ifdef __cplusplus'<br />
echo '#include <string>'<br />
echo "$prototypescpp" | egrep "${o}"'$|'"${o}"'\(|'"${o}"'_' | sed "s/$o/$opi/"<br />
echo 'extern "C" {'<br />
echo '#endif'<br />
echo "$prototypesc" | egrep "${o}"'$|'"${o}"'\(|'"${o}"'_' | sed "s/$o/$opi/"<br />
echo '#ifdef __cplusplus'<br />
echo '}'<br />
echo '#endif'<br />
echo ""<br />
echo "$macros" | egrep "${o}"'$|'"${o}"'\(|'"${o}"'_' | sed "s/$o/$opi/" | while read mopi<br />
do<br />
echo "#define ${mopi} ${mopi}" | sed "s/$opi/$op/"<br />
done<br />
echo "#define ${op}_IMPLEMENTATION \"${implementationdir}\""<br />
echo "#ifndef ${opi}_VERSION"<br />
echo "#define ${opi}_VERSION \"-\""<br />
echo "#endif"<br />
echo "#define ${op}_VERSION ${opi}_VERSION"<br />
echo ""<br />
echo "#endif"<br />
) > "${to}/${op}.h"<br />
<br />
for f in $cfiles $sfiles<br />
do<br />
echo "${op}_${f}"<br />
cp "$f" "${to}/${op}_${f}"<br />
echo "source/${op}/${op}_${f}" >> "$top/sources.lst"<br />
done<br />
<br />
cp -p "${to}/$op.h" "$include/$op.h"<br />
<br />
[ -f "../selected" ] || continue<br />
cp -p "${to}/$o.h" "$include/$o.h"<br />
)<br />
done<br />
done<br />
<br />
(<br />
echo "LIBRARY \"nacl\""<br />
echo "EXPORTS"<br />
echo " crypto_box_curve25519xsalsa20poly1305_ref"<br />
echo " crypto_box_curve25519xsalsa20poly1305_ref_open"<br />
echo " crypto_box_curve25519xsalsa20poly1305_ref_keypair"<br />
echo " crypto_box_curve25519xsalsa20poly1305_ref_beforenm"<br />
echo " crypto_box_curve25519xsalsa20poly1305_ref_afternm"<br />
echo " crypto_box_curve25519xsalsa20poly1305_ref_open_afternm"<br />
) > "$top/nacl.def"<br />
<br />
(<br />
echo "<?xml version='1.0' encoding='Windows-1252'?>"<br />
echo "<VisualStudioProject ProjectType='Visual C++' Version='9,00' Name='nacl' RootNamespace='NaCl'>"<br />
echo "<Platforms><Platform Name='Win32' /></Platforms>"<br />
echo "<ToolFiles></ToolFiles>"<br />
echo "<Configurations>"<br />
echo "<Configuration Name='Release|Win32'"<br />
echo "OutputDirectory='\$(ProjectDir)\$(ConfigurationName)' IntermediateDirectory='\$(ConfigurationName)'"<br />
echo "ConfigurationType='2' CharacterSet='2' WholeProgramOptimization='1'>"<br />
echo "<Tool Name='VCCLCompilerTool' AdditionalIncludeDirectories='include\\' />"<br />
echo "<Tool Name='VCLinkerTool' ModuleDefinitionFile='nacl.def' />"<br />
echo "</Configuration>"<br />
echo "</Configurations>"<br />
echo "<References></References>"<br />
echo "<Files>"<br />
echo "<Filter Name='Source Files' Filter='cpp;c;s'>"<br />
sed "s_/_\\\\_g" "$top/sources.lst" | sed "s_^\\(.*\\)\$_<File RelativePath='\\1' />_"<br />
echo "</Filter>"<br />
echo "<File RelativePath='nacl.def' />"<br />
echo "</Files>"<br />
echo "<Globals></Globals>"<br />
echo "</VisualStudioProject>"<br />
) > "$top/nacl.vcproj"<br />
<br />
rm "$top/sources.lst"</pre></div>Adminhttp://wiki.ucis.nl/index.php?title=NaCl/Shared&diff=135NaCl/Shared2022-11-09T14:49:53Z<p>Admin: 1 revision imported</p>
<hr />
<div>To build a shared, dynamically linkable library from the nacl sourcecode:<br />
# Download and extract the NaCl sourcecode:<br />
wget -O- http://hyperelliptic.org/nacl/nacl-20110221.tar.bz2 | bunzip2 | tar -xf -<br />
cd nacl-20110221<br />
# Remove some implementations that do not want to be relocatable (it will fall back to another implementation)<br />
rm -r crypto_onetimeauth/poly1305/amd64<br />
# Patch the compiler commands to create relocatable code<br />
sed -i "s/$/ -fPIC/" okcompilers/c<br />
# Patch the code to accept application input for the key generation functions<br />
wget -O- http://oss.ucis.nl/nacl/shared/shared.c | patch -p1<br />
# Build the NaCl library, this takes some time...<br />
./do<br />
# Build and locate some utilities used by the nacl build process to find the CPU architecture (and output directory) and an useable compiler<br />
gcc okcompilers/abiname.c -o abiname<br />
ABINAME="$(./abiname "" | cut -b 2-)"<br />
BUILDDIR="build/$(hostname | sed 's/\..*//' | tr -cd '[a-z][A-Z][0-9]')"<br />
NACLLIB="${BUILDDIR}/lib/${ABINAME}/libnacl.a"<br />
OKCOMPILER="$($BUILDDIR/bin/okc-${ABINAME} | head -n 1)"<br />
# Compile some frontend code into a shared library (download, preprocess with NaCl header files, rewrite some lines, compile and link with the static nacl library)<br />
wget -O- http://oss.ucis.nl/nacl/shared/shared.c |<br />
${OKCOMPILER} -x c -E - -I "${BUILDDIR}/include/${ABINAME}" |<br />
sed "s/export_//" |<br />
${OKCOMPILER} -fPIC -nostdlib -shared -Wl,--no-undefined -o "libnacl.so" -x c - -x none "${NACLLIB}"<br />
# Install library to /usr/lib<br />
install -m 644 libnacl.so /usr/lib/<br />
# Install header files to /usr/include/nacl<br />
mkdir /usr/include/nacl<br />
(<br />
cd /usr/include/nacl<br />
wget http://oss.ucis.nl/nacl/shared/crypto_box.h http://oss.ucis.nl/nacl/shared/crypto_box_curve25519xsalsa20poly1305.h http://oss.ucis.nl/nacl/shared/crypto_scalarmult_curve25519.h http://oss.ucis.nl/nacl/shared/crypto_sign_edwards25519sha512batch.h<br />
)<br />
<br />
=== File list ===<br />
* http://hyperelliptic.org/nacl/nacl-20110221.tar.bz2<br />
* http://oss.ucis.nl/nacl/shared/shared.c<br />
* http://oss.ucis.nl/nacl/shared/keypair_random_input.patch<br />
* http://oss.ucis.nl/nacl/shared/crypto_box.h<br />
* http://oss.ucis.nl/nacl/shared/crypto_box_curve25519xsalsa20poly1305.h<br />
* http://oss.ucis.nl/nacl/shared/crypto_scalarmult_curve25519.h<br />
* http://oss.ucis.nl/nacl/shared/crypto_sign_edwards25519sha512batch.h</div>Adminhttp://wiki.ucis.nl/index.php?title=NaCl&diff=133NaCl2022-11-09T14:49:53Z<p>Admin: 8 revisions imported</p>
<hr />
<div>"NaCl (pronounced "salt") is a new easy-to-use high-speed software library for network communication, encryption, decryption, signatures, etc. NaCl's goal is to provide all of the core operations needed to build higher-level cryptographic tools. Of course, other libraries already exist for these core operations. NaCl advances the state of the art by improving security, by improving usability, and by improving speed."<br />
<br />
* Project website: http://nacl.cace-project.eu/<br />
* D. J. Bernstein: http://cr.yp.to/<br />
<br />
== Python and C implementations ==<br />
The NaCl library was originally implemented in Python. It was ported to C afterwards, later also providing C++ language bindings. The C sourcecode is available on http://nacl.cace-project.eu/, and is used in my [[QuickTun]] VPN software.<br />
<br />
The C code is very straight-forward, and trivial to port to C# and JavaScript.<br />
<br />
See [[NaCl/Windows]] for information on building NaCl on Windows.<br />
<br />
=== Building a dynamic shared library from the C code ===<br />
See [[NaCl/Shared]] for information about building a shared, dynamically linkable library. A dynamic shared library and an automated way to build one on Debian/Ubuntu systems, are also available in the repository at http://apt.ucis.nl/. Libsodium (http://www.libsodium.org) provides a more maintainable and up-to-date, compatible, alternative.<br />
<br />
=== Building only reference implementations ===<br />
Sometimes it is desirable to build a generic platform independent library. In this case, it is recommended to only use the reference implementations of the provided primitives. To do so, the patch below can be used on the do script (''patch do patchfile''):<br />
*** do.org 2011-02-27 17:47:19.997126841 +0100<br />
--- do 2011-02-27 18:05:53.837122146 +0100<br />
***************<br />
*** 168,169 ****<br />
--- 168,173 ----<br />
implementationdir=`dirname $doth`<br />
+ implementation=`basename "$implementationdir"`<br />
+ if [ "$implementation" != "ref" -a "$implementation" != "ref2" ]; then<br />
+ continue;<br />
+ fi<br />
opi=`echo "$implementationdir" | tr ./- ___`<br />
<br />
== C# / .Net implementation ==<br />
This is a partial port directly from the original C sourcecode to pure ("unsafe") C# code. All code has been put into classes, and array operations had to be changed to use pointers. Only few changes had to be made to the actual logic.<br />
The sourcecode is available at https://bitbucket.org/IvoSmits/ucis.core as part of the UCIS.Core project. Note that not all code has been ported yet.<br />
<br />
Most of the ported code should be as secure as the original C code. The C# code performs somewhat slower than the original C code, mostly because the original code is highly optimized for specific hardware.<br />
<br />
The C# NaCl library is currently used by the [[VNE]] library to provide [[QuickTun]] VPN tunnel functionality.<br />
<br />
== JavaScript implementation ==<br />
This is another partial port based on the above C# sourcecode to pure browser-compliant JavaScript. It tries to resemble the original sourcecode as close as possible. The sourcecode, as well as an usage example, is available at http://oss.ucis.nl/nacl/js/. Note that only the curve25519xsalsa20poly1305 key generation has been implemented so far - but further porting should be trivial.<br />
<br />
The key generation procedure may be less secure than the original code, due to the use of a possibly pseudo-random number generator. Also, browsers tend to be prone to all kinds of (cross-site) scripting attacks. The code is a lot slower than the original C code, as it's dynamically interpreted. Obviously, it performs best in Google Chrome, then comes Firefox, and is just terribly slow in MSIE. But hey, it works!<br />
<br />
== PHP binding ==<br />
A PHP extension to support some commonly used NaCl functions is available in source form at http://oss.ucis.nl/hg/php_nacl/ and as a debian/ubuntu package at http://apt.ucis.nl/ (php5-nacl).<br />
<br />
Other PHP modules providing similar functionality are available, providing their own, incompatible, interfaces. See below.<br />
<br />
== Other implementations and bindings ==<br />
* PHP (NaCl based): https://github.com/Gasol/pecl-nacl<br />
* PHP (libsodium based): https://github.com/jedisct1/libsodium-php<br />
* C# curve25519: https://github.com/hanswolff/curve25519<br />
* C# curve25519: https://gist.github.com/CodesInChaos/3107182<br />
* Python: http://mojzis.com/software/python-nacl/<br />
* Another partial JavaScript implementation: https://github.com/chriskuehl/nacl.js/<br />
* Partial Java implementation (works on Android!): https://github.com/neilalexander/jnacl<br />
* Libsodium shared library in C for Windows and *NIX: http://www.libsodium.org<br />
* Original implementation in C: http://nacl.cace-project.eu/</div>Adminhttp://wiki.ucis.nl/index.php?title=MARC&diff=124MARC2022-11-09T14:49:53Z<p>Admin: 21 revisions imported</p>
<hr />
<div>MARC is the Magic [[Anonet]] Resource Claims System. This document describes MARC version 2. See [{{fullurl:MARC|oldid=2149}} an older revision of this document] for the previous, now deprecated version of the protocol.<br />
<br />
== Design requirements ==<br />
* Distributes resource claims to all nodes in a network<br />
* Unattended automatic synchronisation should be possible, but people should not be able to alter each others' data<br />
* Support for real-time and offline synchronisation<br />
* Flexible but reliable representation of complex structures (nested arrays, associative arrays, binary strings)<br />
* Should be simple to implement, audit and use<br />
* Conflicts should be prevented, and should not affect other resources or updates<br />
<br />
== Features ==<br />
* Authenticated updates: only the first to claim a resource can update it afterwards (ownership based on first claim)<br />
* Updates are cryptographically signed using the [http://ed25519.cr.yp.to/ ed25519] public-key signature system<br />
* Can use any transport that can transfer an arbitrary block of binary data for synchronization (eg HTTP, e-mail, USB stick, [[UDPMSG3]], git, rsync, newsgroups)<br />
* Can use any storage mechanism that can store blocks of binary data (SQL, flat files)<br />
* Requires to store only the last known version of each resource (but can store older versions if desired)<br />
* A node is allowed not to store unwanted data, or to ignore unwanted updates<br />
<br />
== How? ==<br />
* Resources are identified by a ''label'', a 0-255 byte binary string<br />
* IP addresses, domain names and AS numbers are encoded into a label, all sharing the same namespace<br />
* Resource details are represented in a complex structure (nested arrays, associative arrays, binary strings), which are encoded (binary format) into a binary string, the resource ''value''<br />
* Each resource has a ''serial'' number, a higher serial number represents a more recent version, and should normally replace an older version in the database<br />
* Each resource has a ''status'', which tells whether the resource is taken or has been released (and can be taken by someone else)<br />
* Each time a resource is changed a message is generated, which contains the label, value, status and serial; this message is signed and the cryptographic public key is added to form the ''update'' message<br />
* An update message always contains all resource details<br />
<br />
== Procedure for importing an update message ==<br />
# recommended: if the update serial is lower than the current unix timestamp - 365*24*60*60 (1 year), ignore the update<br />
# recommended: if the update serial is higher than the current unix timestamp + 7*24*60*60 (7 days), ignore the update<br />
# if a resource with the given label exists:<br />
## if the current serial is higher than or equal to the update serial, ignore the update<br />
## ignore the update if:<br />
### the key in the update is different from the current key<br />
### AND the current serial is not lower than the current unix timestamp - 365*24*60*60 (1 year)<br />
### AND (the expiration timestamp is not set OR the expiration timestamp is not lower than the current unix timestamp)<br />
### AND (the transfer-to-key extension is not set or the transfer-to-key extension value does not match the key in the update)<br />
# optional: if the update is too big (per node configuration), ignore the update<br />
# optional: if the label is not acceptable (e.g. does not represent a valid IP network, AS number or domain name; node specific policy), ignore the update<br />
# optional: if the resource value is not acceptable (missing fields, unexpected formatting; node specific policy), ignore the update<br />
# if the update message is not signed with the public key specified in the update message, ignore the update (this can be done earlier)<br />
# optional: import the resource value into existing data structures (e.g. configuration file, resdb, SQL database)<br />
# store update message in the local database, identified/indexed by its label<br />
## resources having a serial lower than the current unix timestamp - 365*24*60*60 (1 year) or an expiration timestamp lower than the current unix timestamp may be deleted from the local database instead, or may be deleted as part of a periodic database maintenance job<br />
<br />
== Layout of an update message ==<br />
* Version number (1 byte, value 2)<br />
* Public key (32 bytes)<br />
* Signature (64 bytes)<br />
* Resource data (m bytes)<br />
** Serial/timestamp (4 bytes, 32 bit big-endian integer, contains the current unix timestamp at the time of signing the resource)<br />
** Label length (1 byte)<br />
** Label (binary string)<br />
** Number of extensions (1 byte)<br />
*** List of extensions: (n blocks)<br />
**** Extension identifier (1 byte, value 1=transfer-to-key, 4=expiration-timestamp)<br />
**** Extension data length (2 bytes, 16 bit big-endian integer)<br />
**** Extension data<br />
***** Identifier 1=transfer-to-key: the field contains a 32 byte public key that is allowed to update the resource in addition to the owning key, or no data (Extension data length = 0) to allow the resource to be updated by any key.<br />
***** Identifier 4=expiration-timestamp: the field contains a 32-bit big-endian integer representing timestamp on which the resource is to be deleted. This value should be ignored if it is higher than Serial+365*24*60*60 (more than one year in the future).<br />
** Encoded value (see [[#Complex structure encoding|Complex structure encoding]], this block covers the remainder of the update message)<br />
<br />
== Complex structure encoding ==<br />
Complex structures are encoded into a binary string as follows:<br />
* NULL (no data)<br />
** Data type, 1 byte, value 0<br />
* String (binary or text string, may contain a textual representation of a number)<br />
** Data type, 1 byte, value 1<br />
** String data<br />
* List (ordered array with no otherwise relevant indices)<br />
** Data type, 1 byte, value 2<br />
** For each item in the collection:<br />
*** Encoded item size in bytes (4 byte, 32 bit big-endian integer)<br />
*** The item is recursively encoded using this scheme<br />
* Dictionary (array with relevant indices, associative array or list of key-value pairs)<br />
** Data type, 1 byte, value 3<br />
** For each item in the dictionary:<br />
*** Key or index string length in bytes, 1 bytes<br />
*** Key or index string<br />
*** Encoded item size in bytes (4 byte, 32 bit big-endian integer)<br />
*** The item is recursively encoded using this scheme<br />
<br />
== Notes ==<br />
* Resources in the deleted status may be removed from the database after some time<br />
* For efficient client-server request-response synchronisation, the server should store the local update timestamp for each resource. The client can store the highest timestamp it has received from the server, and ask for resources newer than the previous timestamp.<br />
* An implementation should remove or at least release resources which have not been updates in more than one year (update timestamp < current unix timestamp - 265*24*60*60), so that it can be registered by any key again. An update with a timestamp of more than a year ago should not be imported. An update with a timestamp more than 7 days in the future should not be imported.<br />
* To prevent expiration of valid resources, an implementation may automatically renew a resource starting 6 months before expiration or may warn the user to take action to renew the resource.<br />
<br />
== Interactive HTTP synchronisation ==<br />
This is currently the preferred method. The server runs a CGI script, for which the client makes either a GET, POST or PUT request.<br />
<br />
The query string for the request contains at least one parameter, 'version'. This section describes protocol version 3. If the client wishes to receive/pull updates from the server, the query string should include a parameter 'get', with a value of either 0 (to retrieve all records) or the value received in the timestamp extension in the response to the previous request if available (see below).<br />
<br />
If the client also wishes to push updates to the server, either the POST or PUT method should be used. For a POST request, the updates to push should be encoded according to the ''application/x-www-form-urlencoded'' MIME type, with field names of ''update[]'', and set the HTTP Content-Type header accordingly. For a PUT request, all updates are sent as one binary block of data, where each update is prefixed with its length in bytes encoded as a 32 bit big-endian integer.<br />
<br />
The server should respond with the HTTP Content-Type header set to ''application/octet-stream''. The response data looks as follows:<br />
* Protocol version, 1 byte, value 3<br />
* Number of extensions (1 byte)<br />
* List of extensions: (n blocks)<br />
** Extension identifier (1 byte, value 2=counters, 3=timestamp)<br />
** Extension data length (2 bytes, 16 bit big-endian integer)<br />
** Extension data<br />
*** Identifier 2=counters: data contains three 32-bit big-endian integers: the number of received update messages, the number of imported update messages and the number of exported update messages<br />
*** Identifier 3=timestamp: data contains a 32-bit big-endian integer, containing the current local unix timestamp minus a few seconds, so that any updates a subsequent synchronization request providing this timestamp as the 'get' parameter will include at least all resources updated after the start of this request which are not part of this response.<br />
* For each exported update (read until all data has been consumed, ignoring the provided number of exported frames):<br />
** Update length, 4 byte, 32 bit big-endian integer<br />
** Update data (see [[#Layout of an update message|Layout of an update message]])<br />
<br />
Note that the defined extensions are optional. The counters extension is purely for informative purposes, the timestamp extension is only used if the server supports incremental synchronization.<br />
<br />
== Anonet resource encoding ==<br />
The different resource types are encoded as follows:<br />
* Key identity<br />
** label (33 bytes)<br />
*** Resource type, 1 byte, value 0<br />
*** Public key, 32 bytes, this must be the same key as the key used to sign the resource, otherwise the resource should not be accepted<br />
** value: dictionary<br />
*** 'owner': optional, string, free text, name of owner<br />
*** 'descr': optional, string, free text, description<br />
*** 'seckey': optional, used to improve deniability by not storing the secret key locally. Contains the first 32 bytes of the secret key in encrypted form.<br />
**** Number of rounds, 32 bit big-endian integer, defining the number of rounds to hash. If rounds is 0, the key is implicitly not encrypted at all.<br />
**** Encrypted key, first 32 bytes of the encrypted secret key as follows: secretkey XOR hash_result, where hash_result is initialized as 64*0x00 and then modified ''Number of rounds'' as hash_result = sha512(hash_result + utf-8(passphrase) + publickey), where + means concatenation, passphrase is an UTF-8 encoded string chosen by the user and the public key is the same as used to sign this record.<br />
* IPv4 network<br />
** label (6 bytes):<br />
*** Resource type, 1 byte, value 1<br />
*** Network address, 4 bytes, network byte order<br />
*** Prefix length, 1 byte, value 0-32<br />
** value: dictionary<br />
*** 'owner': optional, string, free text, name of owner<br />
*** 'descr': optional, string, free text, description<br />
*** 'as': optional, numeric string, as number announcing this network<br />
*** 'ns': optional, dictionary, see the Domain resource type, defines the reverse DNS zone for the IP network<br />
* IPv6 network<br />
** label (18 bytes):<br />
*** Resource type, 1 byte, value 2<br />
*** Network address, 16 bytes<br />
*** Prefix length, 1 byte, value 0-128<br />
** value: dictionary<br />
*** 'owner': optional, string, free text, name of owner<br />
*** 'descr': optional, string, free text, description<br />
*** 'as': optional, numeric string, as number announcing this network<br />
*** 'ns': optional, dictionary, see the Domain resource type, defines the reverse DNS zone for the IP network<br />
* AS number<br />
** label (5 bytes):<br />
*** Resource type, 1 byte, value 3<br />
*** AS number, 4 bytes, 32 bit big-endian integer<br />
** value: dictionary<br />
*** 'owner': optional, string, free text, name of owner<br />
*** 'descr': optional, string, free text, description<br />
*** 'speed': optional, numeric string, speed of this node in Mbit/sec<br />
*** 'hasipv6': optional, NULL, existence indicates that the node has IPv6 connectivity<br />
* Domain<br />
** label (n+1 bytes):<br />
*** Resource type, 1 byte, value 4<br />
*** Domain name, n bytes, all lower case, FQDN format, no terminating dot<br />
** value: dictionary<br />
*** 'owner': optional, string, free text, name of owner<br />
*** 'descr': optional, string, free text, description<br />
*** 'ns': recommended, dictionary listing name servers for the zone<br />
**** Key: string, part before the domain name without dot for in-zone nameservers having a glue record or a FQDN with a final dot for out-of-zone nameservers<br />
**** Value:<br />
***** for an in-zone nameserver: list containing strings, each item defines a glue IPv4 or IPv6 address in text representation.<br />
***** for out-of-zone nameserver: NULL. Should be ignored during export of DNS data for tinydns/bind, regardless of type.<br />
<br />
== Anonet importing rules ==<br />
An implementation is free to handle resources as it wishes. The following list provides recommendations for handling resources. If resources are to be ignored, an implementation may do so either during import into the MARC database, or when viewing and exporting to external systems like a DNS server.<br />
* Key identity resources: resources with a label length other than 33 or defining a key other than the signing key (label[1:32] != public key) should be ignored<br />
* IPv4 network resources: resources with a label length other than 6, with a network not in 1.0.0.0/8 (label[1] != 1) or a prefix length other than 24 (label[4] != 24) should be ignored<br />
* IPv6 network resources: resources with a label length other than 18, with a network not in fd::/8 (label[1] != 0xfd) or a prefix length other than 48 or 64 (label[17] != 48 && label[17] != 64) should be ignored<br />
* Domain resources: the domain name should not be empty and should be a valid fully qualified domain name without trailing dot, the domain name should not contain non-ASCII or uppercase characters; it is recommended that an implementation has a configurable list of parent domains under which domain names can be imported, and that only domains directly under a parent domain are imported; this list should contain the .ano tld, so that *.ano can be claimed but not *.*.ano.</div>Adminhttp://wiki.ucis.nl/index.php?title=Listeq_BoxedVDI&diff=102Listeq BoxedVDI2022-11-09T14:49:53Z<p>Admin: 3 revisions imported</p>
<hr />
<div>Listeq introduces BoxedVDI.<br />
<br />
Listeq has just released its first beta version of its new product: BoxedVDI. BoxedVDI is a software package to create a VDI multiseat solution using a standard PC and up to 6 DisplayLink-powered Zero Client adapters.<br />
<br />
BoxedVDI is the first multiseat solution based on full system virtualization and can run on top of a standard Windows operating system. By using full system virtualization, users can simultaneously use different operating systems. Supported "guest" operating systems include Windows XP, Windows Vista, Windows 7 and various Linux distributions. BoxedVDI provides superior isolation between the user desktops while still maintaining a native, interactive user experience.<br />
<br />
BoxedVDI is compatible with inexpensive DisplayLink powered Zero Client hardware from vendors like Plugable, HP, Wyse, Viewsonic, Targus and Atrust and most HID keyboards and mice.<br />
<br />
BoxedVDI is developed for the educational market to facilitate low cost, low energy, OS independent computer desktops. Instead of using an expensive or difficult to use multi-user operating system to run multiple session, BoxedVDI runs a native single-user operating system for each desktop.<br />
<br />
The product is completely software based and runs on Windows XP, Vista, 7, 32 and 64 bit versions. A Linux version of BoxedVDI is under development.<br />
<br />
A basic setup for 4-6 desktops will need one Zero Client adapter for each desktop, a host computer with Intel i5 processor or better, at least 4GB of memory and Windows 7.</div>Adminhttp://wiki.ucis.nl/index.php?title=Linksys_WAP610N&diff=98Linksys WAP610N2022-11-09T14:49:53Z<p>Admin: 1 revision imported</p>
<hr />
<div>Linksys WAP610N is a 'dual-band' (2.4/5GHz) Wireless A/B/G/N accesspoint.<br />
<br />
== Backdoor ==<br />
To access the router:<br />
telnet 10.11.2.189 1111<br />
where 10.11.2.189 is the IP address of the accesspoint. This will get you into some kind of service console, providing all kinds of commands without any authentication. From here, you can easily brick your router, so be careful. If you feel adventurous, try the HELP command.<br />
<br />
This service console allows to run commands, but it's not very convenient to use. You can enable the built in telnet server using the following command (until the device reboots):<br />
SYSTEM telnetd<br />
<br />
Now you cal telnet to the device and you will see a linux login prompt:<br />
telnet 10.11.2.189<br />
Try to log in using username ''root''. Some reports claim that the default password is ''wlan''.<br />
<br />
In case you can't log in yet, you can change the password from the service console using this command:<br />
SYSTEM (echo admin; sleep 1; echo admin; sleep 1) | passwd<br />
The password for the ''root'' user will now be set to ''admin''.<br />
<br />
The file /README learns us that the device is based on the Metalink Ltd. SDK/scripts. The device is based on the STAR STR9100 hardware and contains a FA526id ARM CPU, running at 153.19 BogoMIPS. It has about 4MByte of flash storage and about 32MB of RAM.</div>Adminhttp://wiki.ucis.nl/index.php?title=Install_Windows_7_on_an_USB_disk&diff=96Install Windows 7 on an USB disk2022-11-09T14:49:53Z<p>Admin: 1 revision imported</p>
<hr />
<div>This article will guide you through the process of creating a bootable Windows 7 USB disk. Not for installing Windows 7, but for actually running Windows 7 from the USB disk. No virtualization tricks, just a real portable Windows 7 disk.<br />
<br />
== Installing Windows 7 onto the USB device ==<br />
First, you'll need to get Windows to install itself on the USB device. This is normally not possible, but there are a few hacks.<br />
<br />
* If you want to install Windows on an USB harddisk, you can remove the harddisk from it's USB casing and install it directly in your computer. You can then install Windows 7 on the disk.<br />
* Alternatively, you can use some virtualzation software (like VMWare or VirtualBox) to 'attach' the USB device as a virtual SATA disk to a virtual machine, and install Windows 7 inside the virtual machine, onto the USB device.<br />
<br />
I'll use VirtualBox to install Windows on my portable USB harddisk. I use Ubuntu Linux on my laptop, so the commands used here may be Linux specific - but Windows equivalents exist!<br />
<br />
# First, I create a 'raw disk' vmdk virtual harddisk file, using the following command: VBoxManage internalcommands createrawvmdk -filename USBDisk.vmdk -rawdisk /dev/sdb -register<br />
#* This command needs to be run as root (Administrator for windows)!<br />
#* USBDisk.vmdk is the filename of the virtual harddisk file we're creating, that will map to the physical device<br />
#* /dev/sdb is the physical device we want to use. Make sure that you use the right drive here, as you might otherwise erase your existing operating system!!!<br />
#* Windows has a different notation for the physical drive notation. It's somewhere in the VirtualBox manual. Google is your friend.<br />
# Then, still as root/Administrator, we create a new virtual machine with sufficient RAM, and attach the newly created .vmdk image to the machine, and attach a Windows 7 installation media to the machine.<br />
# Start the Virtual Machine and proceed the installation as usual.<br />
<br />
== Configuring Windows 7 to boot from the USB device ==<br />
Normally, Windows 7 would not boot from anything it doesn't recognize. This includes USB devices. To fix this, we'll have to run a few commands, as Administrator, on our new Windows 7 installation:<br />
# bcdedit /set {default} detecthal on<br />
# usbbootfix.bat (see below for the contents of this file!)<br />
# StorageBootStart.bat (see below, this is optional, will slow down the boot process but make it a lot more portable!)<br />
<br />
=== usbbootfix.bat contents ===<br />
Copy the text below into a new notepad document and save it as usbbootfix.bat. Make sure to select "All files (*.*)" for the file type!<br />
<pre>@echo off<br />
if "%1"=="fix" goto :fix<br />
<br />
rem -- install task<br />
copy /y "%~f0" "%SystemRoot%\system32\usbbootfix.bat"<br />
SCHTASKS /Create /RU SYSTEM /SC ONEVENT /MO "*[System[Provider[@Name='Microsoft-Windows-UserPnp'] and EventID=20003]]" /EC System /TN USBBootFix /TR "'%SystemRoot%\system32\usbbootfix.bat' fix" /F<br />
rem -- apply other settings<br />
reg add HKLM\SYSTEM\CurrentControlSet\services\pciide /v Start /t REG_DWORD /d 0x0 /f<br />
reg add HKLM\SYSTEM\CurrentControlSet\services\msahci /v Start /t REG_DWORD /d 0x0 /f<br />
reg add HKLM\SYSTEM\CurrentControlSet\services\intelide /v Start /t REG_DWORD /d 0x0 /f<br />
reg add HKLM\SYSTEM\CurrentControlSet\services\viaide /v Start /t REG_DWORD /d 0x0 /f<br />
rem -- run :fix once after install<br />
<br />
:fix<br />
call :fixservice usbehci "Boot Bus Extender"<br />
call :fixservice usbohci "Boot Bus Extender"<br />
call :fixservice usbuhci "Boot Bus Extender"<br />
call :fixservice usbhub "System Bus Extender"<br />
call :fixservice usbstor "SCSI miniport"<br />
goto :eof<br />
<br />
:fixservice<br />
setlocal<br />
set Start=<br />
set Group=<br />
for /f "skip=2 tokens=1,2,*" %%I in ('reg query HKLM\SYSTEM\CurrentControlSet\services\%~1') do (<br />
if "%%I"=="Start" set Start=%%K<br />
if "%%I"=="Group" set Group=%%K<br />
)<br />
if not "%Start%"=="0x0" reg add HKLM\SYSTEM\CurrentControlSet\services\%~1 /v Start /t REG_DWORD /d 0x0 /f<br />
if not "%Group%"=="%~2" reg add HKLM\SYSTEM\CurrentControlSet\services\%~1 /v Group /t REG_SZ /d "%~2" /f<br />
endlocal<br />
goto :eof</pre><br />
<br />
=== StorageBootStart.bat ===<br />
Copy the text below into a new notepad document and save it as StorageBootStart.bat. Make sure to select "All files (*.*)" for the file type!<br />
<pre>@echo off<br />
setlocal<br />
set saveundo=^>^>StorageBootStart_Undo.bat echo <br />
%saveundo% @echo off<br />
for /f "skip=1 tokens=1-5 delims=^&" %%I in ('reg query HKLM\SYSTEM\CurrentControlSet\Control\CriticalDeviceDatabase') do (<br />
if not .%%I==. call :checkcdd %%I %%J %%K %%L %%M<br />
)<br />
endlocal<br />
goto :eof<br />
<br />
:checkcdd<br />
set key=%1<br />
if not .%key:~0,18%==.HKEY_LOCAL_MACHINE goto :eof<br />
if not .%2==. set key=%1^&%2<br />
if not .%3==. set key=%1^&%2^&%3<br />
if not .%4==. set key=%1^&%2^&%3^&%4<br />
if not .%5==. set key=%1^&%2^&%3^&%4^&%5<br />
set class=<br />
set service=<br />
for /f "skip=2 tokens=1,2,*" %%I in ('reg query "%key%"') do (<br />
if /i "%%I"=="ClassGUID" set class=%%K<br />
if /i "%%I"=="Service" set service=%%K<br />
)<br />
if .==.%service% goto :eof<br />
if /i "%class%"=="{4D36E96A-E325-11CE-BFC1-08002BE10318}" goto :storage<br />
if /i "%class%"=="{4D36E97B-E325-11CE-BFC1-08002BE10318}" goto :storage<br />
goto :eof<br />
<br />
:storage<br />
set /a knowsv=knowsv_%service%<br />
if %knowsv%==1 goto:eof<br />
set knowsv_%service%=1<br />
set start=<br />
for /f "skip=2 tokens=1,2,*" %%I in ('reg query HKLM\SYSTEM\CurrentControlSet\services\%service% /v Start') do (<br />
if /i "%%I"=="Start" set /a start=%%K<br />
)<br />
echo %service% %start%<br />
if "%start%"=="0" goto :eof<br />
%saveundo% echo %service% %start%<br />
%saveundo% reg add HKLM\SYSTEM\CurrentControlSet\services\%service% /v Start /t REG_DWORD /d %start% /f<br />
reg add HKLM\SYSTEM\CurrentControlSet\services\%service% /v Start /t REG_DWORD /d 0 /f<br />
goto :eof</pre><br />
<br />
== Many thanks go to ==<br />
After spending a few hours on google, I finally found this thread on http://www.boot-land.net/, containing everything needed to make Windows 7 boot from an USB device. To make sure that this information is not lost, and to make it more accessible, I've written this article.<br />
* Original thread: http://www.boot-land.net/forums/index.php?showtopic=9196<br />
* usbbootfix.bat: http://www.boot-land.net/forums/index.php?s=ebc64b196dd29fd2ee357788df9197ab&act=attach&type=post&id=10315<br />
* StorageBootStart.bat: http://www.boot-land.net/forums/index.php?s=ebc64b196dd29fd2ee357788df9197ab&act=attach&type=post&id=10316</div>Adminhttp://wiki.ucis.nl/index.php?title=Icom_IC-706&diff=94Icom IC-7062022-11-09T14:49:53Z<p>Admin: 1 revision imported</p>
<hr />
<div>== General Information ==<br />
The 706 series consists of the three models 706, 706MKII and 706MKIIG. There are differences between them, see below.<br />
<br />
== IC-706 & IC-706MKII ==<br />
Both models cover 0.03-200 MHz in CW/SSB/AM/NFM/WFM. The only difference is a sometimes built-in DSP unit and a higher output power on 2m.<br />
<br />
== IC-706MKIIG ==<br />
The 'MKIIG is the latest radio of the 706 series. It comes with a built-in DSP unit and covers a frequency range of 0.03-200 and 400-470 MHz in CW/SSB/AM/NFM/WFM.<br />
<br />
== CI-V Interface ==<br />
A very simple alternative to an original $150 CI-V interface can be found at [http://data.dk1ny.ath.cx/civ.png].<br />
<br />
[[Category:GlobalTuners]]</div>Adminhttp://wiki.ucis.nl/index.php?title=IRCRelay/Sourcecode&diff=92IRCRelay/Sourcecode2022-11-09T14:49:53Z<p>Admin: 1 revision imported</p>
<hr />
<div><pre><nowiki><br />
#!/usr/bin/php<br />
<?php<br />
/* Copyright 2010 Ivo Smits <Ivo@UCIS.nl>. All rights reserved.<br />
Redistribution and use in source and binary forms, with or without modification, are<br />
permitted provided that the following conditions are met:<br />
<br />
1. Redistributions of source code must retain the above copyright notice, this list of<br />
conditions and the following disclaimer.<br />
<br />
2. Redistributions in binary form must reproduce the above copyright notice, this list<br />
of conditions and the following disclaimer in the documentation and/or other materials<br />
provided with the distribution.<br />
<br />
THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED<br />
WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND<br />
FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHORS OR<br />
CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR<br />
CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR<br />
SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON<br />
ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING<br />
NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF<br />
ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.<br />
<br />
The views and conclusions contained in the software and documentation are those of the<br />
authors and should not be interpreted as representing official policies, either expressed<br />
or implied, of Ivo Smits.*/<br />
<br />
print("UCIS IRC Relay bot (c) 2010 Ivo Smits <Ivo@UCIS.nl>\n");<br />
print("More information: http://wiki.qontrol.nl/IRCRelay\n");<br />
print("\n");<br />
<br />
class Network {<br />
public $key = NULL;<br />
public $name = NULL;<br />
public $socket = NULL;<br />
public $server = NULL;<br />
public $port = 6667;<br />
public $nick = NULL;<br />
public $realnick = NULL;<br />
public $connected = FALSE;<br />
public $connecting = FALSE;<br />
public $timeout = 0;<br />
public $channels = array();<br />
public $addressfamily = AF_INET;<br />
public $active = FALSE;<br />
public $ident = 'none';<br />
public $realname = 'Not set - http://wiki.qontrol.nl/IRCRelay';<br />
public $debug = FALSE;<br />
}<br />
class NetworkChannel {<br />
public $network;<br />
public $channel;<br />
public $name;<br />
public $display;<br />
}<br />
class Channel {<br />
public $name = NULL;<br />
public $links = array();<br />
public function __construct($name) { $this->name = $name; }<br />
}<br />
<br />
$networks = array();<br />
$channels = array();<br />
$status = NULL;<br />
$adminpass = NULL;<br />
<br />
prepare();<br />
configure();<br />
init();<br />
readloop();<br />
<br />
function getchannel($name) {<br />
global $channels;<br />
if (array_key_exists($name, $channels)) return $channels[$name];<br />
$ch = new Channel($name);<br />
$channels[$name] = $ch;<br />
return $ch;<br />
}<br />
function configure() {<br />
global $networks;<br />
global $channels;<br />
global $adminpass;<br />
<br />
print("Loading configuration...\n");<br />
require 'config.php';<br />
<br />
if (isset($config['password'])) $adminpass = $config['password'];<br />
foreach ($config['networks'] as $key => $nc) {<br />
$net = new Network();<br />
$net->key = $key;<br />
$net->server = $nc['server'];<br />
$net->nick = $nc['nick'];<br />
$net->name = isset($nc['name']) ? $nc['name'] : $key;<br />
if (isset($nc['port'])) $net->port = $nc['port'];<br />
if (isset($nc['ident'])) $net->ident = $nc['ident'];<br />
if (isset($nc['realname'])) $net->realname = $nc['realname'];<br />
if (isset($nc['ipv6']) && $nc['ipv6']) $net->addressfamily = AF_INET6;<br />
if (isset($nc['debug']) && $nc['debug']) $net->debug = TRUE;<br />
foreach ($nc['channels'] as $chn => $cf) {<br />
$ch = getchannel($cf['link']);<br />
$nch = new NetworkChannel();<br />
$nch->name = $chn;<br />
$nch->network = $net;<br />
$nch->channel = $ch;<br />
$nch->display = isset($cf['display']) ? $cf['display'] : $net->key;<br />
$ch->links[] = $nch;<br />
$net->channels[$chn] = $nch;<br />
}<br />
$networks[$key] = $net;<br />
$net->active = TRUE;<br />
print('NET '.$net->key.' create'."\n");<br />
}<br />
}<br />
<br />
function prepare() {<br />
global $channels, $status;<br />
print("Starting IRC Relay...\n");<br />
$ch = new Channel('status');<br />
$channels[$ch->name] = $ch;<br />
$status = $ch;<br />
}<br />
<br />
function init() {<br />
global $networks;<br />
print("Initializing...\n");<br />
}<br />
<br />
function readloop() {<br />
global $networks;<br />
<br />
$ltime = 0;<br />
<br />
print("Running\n");<br />
while (TRUE) {<br />
$selread = array();<br />
$selwrite = array();<br />
$selerror = array();<br />
$selcount = 0;<br />
<br />
$ntime = time();<br />
$tdiff = $ntime - $ltime;<br />
$ltime = $ntime;<br />
<br />
foreach ($networks as $net) {<br />
if ($net->connected) {<br />
$selread[] = $net->socket;<br />
$selerror[] = $net->socket;<br />
$selcount++;<br />
} else if ($net->connecting) {<br />
$selwrite[] = $net->socket;<br />
$selerror[] = $net->socket;<br />
$selcount++;<br />
} else if ($net->active) {<br />
$net->timeout -= $tdiff;<br />
if ($net->timeout <= 0) {<br />
$net->connecting = TRUE;<br />
print('NET '.$net->key.' connect '.$net->server.':'.$net->port."\n");<br />
$net->socket = socket_create($net->addressfamily, SOCK_STREAM, SOL_TCP);<br />
socket_set_nonblock($net->socket);<br />
socket_connect($net->socket, $net->server, $net->port);<br />
$selwrite[] = $net->socket;<br />
$selerror[] = $net->socket;<br />
}<br />
}<br />
}<br />
<br />
if (!$selcount) {<br />
sleep(1);<br />
continue;<br />
}<br />
<br />
socket_select(&$selread, &$selwrite, &$selerror, 10);<br />
<br />
foreach ($networks as $net) {<br />
if (in_array($net->socket, $selerror)) {<br />
print('NET '.$net->key.' socket error'."\n");<br />
network_reset($net);<br />
} else if ($net->connected && in_array($net->socket, $selread)) {<br />
if (!network_read($net)) {<br />
print('NET '.$net->key.' read error'."\n");<br />
network_reset($net);<br />
}<br />
} else if ($net->connecting && in_array($net->socket, $selwrite)) {<br />
$net->connected = TRUE;<br />
$net->connecting = FALSE;<br />
print('NET '.$net->key.' identify '.$net->nick."\n");<br />
network_send($net, 'USER '.$net->ident.' host server :'.$net->realname);<br />
network_send($net, 'NICK '.$net->nick);<br />
}<br />
}<br />
}<br />
}<br />
<br />
function network_reset($net) {<br />
print('NET '.$net->key.' reset'."\n");<br />
socket_close($net->socket);<br />
$net->connected = FALSE;<br />
$net->connecting = FALSE;<br />
$net->readbuffer = '';<br />
$net->timeout = 60;<br />
}<br />
<br />
function network_read($net) {<br />
$newdata = socket_read($net->socket, 1024);<br />
if ($newdata === FALSE || !strlen($newdata)) return FALSE;<br />
$net->readbuffer .= $newdata;<br />
$offset = 0;<br />
$len = strlen($net->readbuffer);<br />
while ($offset < $len) {<br />
$posa = strpos($net->readbuffer, "\n", $offset);<br />
$posb = strpos($net->readbuffer, "\r", $offset);<br />
if ($posa !== FALSE && $posb !== FALSE) {<br />
$pos = min($posa, $posb);<br />
} else if ($posa !== FALSE) {<br />
$pos = $posa;<br />
} else if ($posb !== FALSE) {<br />
$pos = $posb;<br />
} else {<br />
break;<br />
}<br />
$line = substr($net->readbuffer, $offset, $pos - $offset);<br />
if (strlen($line)) {<br />
if (!network_process($net, $line)) return FALSE;<br />
}<br />
$offset = $pos + 1;<br />
}<br />
if ($offset == $len) {<br />
$net->readbuffer = '';<br />
} else if ($offset != 0) {<br />
$net->readbuffer = substr($net->readbuffer, $offset);<br />
}<br />
return TRUE;<br />
}<br />
<br />
function network_process($net, $line) {<br />
global $adminpass;<br />
if ($net->debug) print('NET '.$net->key.' recv '.$line."\n");<br />
$partsa = explode(' :', $line, 2);<br />
$parts = explode(' ', $partsa[0]);<br />
if ($parts[0][0] == ':') {<br />
$sender = substr(array_shift(&$parts), 1);<br />
} else {<br />
$sender = NULL;<br />
}<br />
$command = array_shift(&$parts);<br />
if (count($partsa) > 1) array_push(&$parts, $partsa[1]);<br />
$partsa = explode('!', $sender);<br />
$sendernick = $partsa[0];<br />
switch (strtoupper($command)) {<br />
case '001': //Welcome<br />
$net->realnick = $parts[0];<br />
print('NET '.$net->key.' welcome '.$net->realnick."\n");<br />
foreach ($net->channels as $ch) network_send($net, "JOIN :".$ch->name);<br />
break;<br />
case '433': //Nickname in use<br />
print('NET '.$net->key.' nickname_in_use'."\n");<br />
network_send($net, "NICK ".$net->nick.rand(100,999));<br />
break;<br />
case 'NICK': //Nickname change<br />
if (strcasecmp($sendernick, $net->realnick)) {<br />
$net->realnick = $parts[0];<br />
print('NET '.$net->key.' nickname '.$net->realnick."\n");<br />
}<br />
break;<br />
case 'PING':<br />
network_send($net, 'PONG :'.$parts[0]);<br />
break;<br />
case 'PRIVMSG':<br />
case 'NOTICE':<br />
if ($parts[0][0] == '#') {<br />
$to = $parts[0];<br />
} else {<br />
$to = $sendernick;<br />
if (!is_null($adminpass) && $parts[1][0] == '.' && substr($parts[1], 1, strlen($adminpass)) === $adminpass) {<br />
$ret = admincmd(array_slice(explode(' ', $parts[1]), 1));<br />
network_send($net, 'PRIVMSG '.$to.' :'.$ret);<br />
break;<br />
} <br />
}<br />
if (!array_key_exists($to, $net->channels)) {<br />
print('NET '.$net->key.' privmsg '.$sendernick.' @ '.$to.' - '.$parts[1]."\n");<br />
break;<br />
}<br />
$ch = $net->channels[$to];<br />
$prefix = '['.$sendernick.(is_null($ch->display) ? '' : ' @ '.$ch->display).'] ';<br />
if (ord($parts[1][0]) == 1) { //CTCP<br />
if (substr($parts[1], 1, 6) != 'ACTION') break;<br />
$msg = chr(1).'ACTION '.$prefix.substr($parts[1], 8, -1).chr(1);<br />
} else {<br />
$msg = $prefix.$parts[1];<br />
}<br />
channel_send($ch->channel, $msg, $ch, $command == 'NOTICE');<br />
break;<br />
case '372': //Motd<br />
case '376': //End of moth<br />
case '002': //Your host<br />
case '003': //This server<br />
case '004': //Version<br />
case '005': //Supported<br />
case '422': //Motd missing<br />
case '251': case '254': case '255': case '265': case '266': case '396': case '353': case '366':<br />
case '252': case '375':<br />
case 'MODE':<br />
case 'JOIN':<br />
case 'PART':<br />
case 'QUIT':<br />
break;<br />
default:<br />
print('NET '.$net->key.' unknown '.$line."\n");<br />
}<br />
return TRUE;<br />
}<br />
<br />
function network_send($net, $line) {<br />
if ($net->debug) print('NET '.$net->key.' send '.$line."\n");<br />
$line .= "\r\n";<br />
socket_send($net->socket, $line, strlen($line), 0);<br />
}<br />
<br />
function channel_send($ch, $message, $source = NULL, $notice = FALSE) {<br />
foreach ($ch->links as $link) {<br />
if ($link->network->connected && $link !== $source) {<br />
network_send($link->network, ($notice ? 'NOTICE ' : 'PRIVMSG ').$link->name.' :'.$message);<br />
}<br />
}<br />
}<br />
<br />
function admincmd($parts) {<br />
global $channels, $networks;<br />
switch (strtolower($parts[0])) {<br />
case 'die': exit(0);<br />
case 'c': case 'chn': case 'chan': case 'channel':<br />
switch (strtolower($parts[1])) {<br />
case 'join': case 'part': case 'rejoin': case 'msg': case 'links':<br />
if (!isset($channels[$parts[2]])) return 'ERR Channel does not exist';<br />
return admincmd_channel($parts[1], $channels[$parts[2]], array_slice($parts, 3));<br />
case 'list': return 'OK '.implode('; ', array_keys($channels));<br />
case 'help':<br />
return 'OK list; links [ch]; join [ch]; part [ch]; rejoin [ch]; msg [ch] [msg]; help';<br />
}<br />
break;<br />
case 'n': case 'net': case 'network':<br />
switch (strtolower($parts[1])) {<br />
case 'disconnect': case 'raw': case 'join': case 'part': case 'rejoin': case 'msg': case 'delete': case 'info': case 'status': case 'channels': case 'set': case 'active': case 'ipv6': case 'link': case 'unlink': case 'linkinfo':<br />
if (!isset($networks[$parts[2]])) return 'ERR Network does not exist';<br />
return admincmd_network($parts[1], $networks[$parts[2]], array_slice($parts, 3));<br />
case 'list': return 'OK '.implode('; ', array_keys($networks));<br />
case 'help':<br />
return 'OK list; disconnect [net]; raw [net] [text]; join [net] [ch]; part [net] [ch]; rejoin [net] [ch]; msg [net] [ch] [msg]; help; delete; info; status; channels; set [name] [server] [port] [nick]; active [enable]; ipv6 [enable]; link [name] [channel] [display]; unlink [name]; linkinfo [name]';<br />
}<br />
break;<br />
case 'help':<br />
return 'OK die; channel help; network help';<br />
}<br />
return 'ERR Unknown command';<br />
}<br />
<br />
function admincmd_channel($cmd, $chn, $parts) {<br />
switch (strtolower($cmd)) {<br />
case 'links':<br />
$arr = array();<br />
foreach ($chn->links as $link) $arr[] = $link->network->key.'/'.$link->name;<br />
return 'OK '.implode('; ', $arr);<br />
case 'join':<br />
foreach ($chn->links as $link) if ($link->network->connected) network_send($link->network, 'JOIN '.$link->name);<br />
return 'OK';<br />
case 'part':<br />
foreach ($chn->links as $link) if ($link->network->connected) network_send($link->network, 'PART '.$link->name);<br />
return 'OK';<br />
case 'rejoin':<br />
foreach ($chn->links as $link) if ($link->network->connected) network_send($link->network, 'PART '.$link->name);<br />
foreach ($chn->links as $link) if ($link->network->connected) network_send($link->network, 'JOIN '.$link->name);<br />
return 'OK';<br />
case 'msg':<br />
foreach ($chn->links as $link) if ($link->network->connected) network_send($link->network, 'PRIVMSG '.$link->name.' :'.implode(' ', array_slice($parts, 0)));<br />
return 'OK';<br />
}<br />
return 'ERR Unknown command';<br />
}<br />
function admincmd_network($cmd, $net, $parts) {<br />
global $channels;<br />
switch (strtolower($cmd)) {<br />
case 'disconnect':<br />
network_reset($net);<br />
return 'OK';<br />
case 'raw':<br />
network_send($net, implode(' ', array_slice($parts, 0)));<br />
return 'OK';<br />
case 'join':<br />
network_send($net, 'JOIN '.$parts[0]);<br />
return 'OK';<br />
case 'part':<br />
network_send($net, 'PART '.$parts[0]);<br />
return 'OK';<br />
case 'rejoin':<br />
network_send($net, 'JOIN '.$parts[0]);<br />
network_send($net, 'PART '.$parts[0]);<br />
return 'OK';<br />
case 'msg':<br />
network_send($net, 'PRIVMSG '.$parts[0].' :'.implode(' ', array_slice($parts, 1)));<br />
return 'OK';<br />
case 'delete':<br />
network_Reset($net);<br />
unset($networks[$net->key]);<br />
return 'OK';<br />
case 'info':<br />
return 'OK key='.$net->key.'; name='.$net->name.'; server='.$net->server.'; port='.$net->port.'; nick='.$net->nick.'; active='.$net->active.'; af='.$net->addressfamily;<br />
case 'status':<br />
return 'OK connected='.$net->connected.'; connecting='.$net->connecting.'; timeout='.$net->timeout.'; nick='.$net->realnick;<br />
case 'channels':<br />
return 'OK '.implode('; ', array_keys($net->channels));<br />
case 'set':<br />
$net->name = $parts[0];<br />
$net->server = $parts[1];<br />
$net->port = (int)$parts[2];<br />
$net->nick = $parts[3];<br />
return 'OK';<br />
case 'active':<br />
$net->active = $parts[0];<br />
return 'OK';<br />
case 'ipv6':<br />
$net->addressfamily = $parts[0] ? AF_INET6 : AF_INET;<br />
return 'OK';<br />
case 'link':<br />
if (isset($net->channels[$parts[0]])) return 'ERR Channel already linked';<br />
$link = new NetworkChannel();<br />
$link->name = $parts[0];<br />
$link->network = $net;<br />
$link->channel = getchannel($parts[1]);<br />
$link->display = implode(' ', array_slice($parts, 2));<br />
$link->channel->links[] = $link;<br />
$net->channels[$link->name] = $link;<br />
if ($net->connected && $link->name[0] == '#') network_send($net, 'JOIN '.$link->name);<br />
return 'OK';<br />
case 'unlink':<br />
if (!isset($net->channels[$parts[0]])) return 'ERR Channel not linked';<br />
$link = $net->channels[$parts[0]];<br />
unset($net->channels[$link->name]);<br />
foreach ($link->channel->links as $k => $l) if ($l === $link) unset($link->channel->links[$k]);<br />
if (!count($link->channel->links)) unset($channels[$link->channel->name]);<br />
if ($net->connected && $link->name[0] == '#') network_send($net, 'PART '.$link->name);<br />
return 'OK';<br />
case 'linkinfo':<br />
if (!isset($net->channels[$parts[0]])) return 'ERR Channel not linked';<br />
$link = $net->channels[$parts[0]];<br />
return 'OK channel='.$link->channel->name.'; display='.$link->display;<br />
}<br />
return 'ERR Unknown command';<br />
}<br />
</nowiki></pre></div>Adminhttp://wiki.ucis.nl/index.php?title=IRCRelay&diff=90IRCRelay2022-11-09T14:49:53Z<p>Admin: 1 revision imported</p>
<hr />
<div>== UCIS IRC Relay ==<br />
This software links (multiple) channels on (different) IRC networks together by passing messages between them. It is possible to link channels among different networks, as well as to link channels on the same network. Multiple channels (more than two) can be linked together. It is even possible to link in a private conversation with one or more predefined individuals/nicknames.<br />
<br />
The relay can be configured through a simple configuration file, as well as at run-time through the use of commands via the IRC session. Run-time changes are NOT saved!<br />
<br />
== License ==<br />
The software is released under the terms of the BSD license. If you like or use the software, you are welcome to let me know by sending an e-mail (see below) and you may even send me some money (see below).<br />
<br />
== Usage ==<br />
Make sure to configure the software first (see below). Then just run the main program file ''relay.php'', using either ''./relay.php'', ''php relay.php'' or a supervisor daemon like daemontools, runit or supervisor. Make sure that the suprtvisor daemon sets the working directory appropriately so the program can find it's configuration file.<br />
<br />
== Contact ==<br />
* By e-mail: [mailto:ivo@ucis.nl Ivo@UCIS.nl]<br />
* On IRC: Ivo or UFO in #Chat on [irc://irc.kwaaknet.org/chat irc.kwaaknet.org]<br />
* Paypal: Ivo@UFO-Net.nl - thank you very much!<br />
* MSN Messenger: Ivo@UFO-Net.nl<br />
<br />
== Configuration ==<br />
The configuration data is contained in one simple php file, ''config.php'' (see below for an example configuration). The configuration consists of a few nested arrays:<br />
* $config - associative array containing all configuration data<br />
** $config['password'] - administrator login password, leave out or set to NULL to disable run-time administration<br />
** $config['networks'] - associative array listing all IRC networks to connect to<br />
*** $config['networks'][$key] - associated array listing the configuration for the network with short name $key<br />
**** $config['networks'][$key]['nick'] - nickname to use on this IRC network<br />
**** $config['networks'][$key]['server'] - IRC server address, either a domain name or IP address<br />
**** $config['networks'][$key]['port'] - IRC server port number (optional, defaults to 6667)<br />
**** $config['networks'][$key]['name'] - long name for the network (optional)<br />
**** $config['networks'][$key]['ident'] - username/ident (optional)<br />
**** $config['networks'][$key]['realname'] - real name (optional)<br />
**** $config['networks'][$key]['ipv6'] - set to true to connect using IPv6 (optional, defaults to false)<br />
**** $config['networks'][$key]['debug'] - set to true to enable debugging for this network (optional, defaults to false)<br />
**** $config['networks'][$key]['channels'] - yet another associative array containing the channel configuration for this network<br />
***** $config['networks'][$key]['channels'][$name] - associative array containing the configuration for a channel named $channel (eg #chat or an individual nickname)<br />
****** $config['networks'][$key]['channels'][$name]['link'] - indicates which channels to link to, all channels having the same link property are connected<br />
****** $config['networks'][$key]['channels'][$name]['display'] - short text to prefix messages originating from this channel (optional)<br />
<br />
== Source code ==<br />
=== relay.php ===<br />
You can find the main program file here: [[IRCRelay/Sourcecode]]. Just copy-paste the code into your favourite text editor and save it as a .php file.<br />
<br />
=== config.php (example) ===<br />
This is an example configuration file. Make sure to change it according to your needs.<br />
<pre><nowiki><?php<br />
$config = array(<br />
'password' => NULL,<br />
'networks' => array(<br />
'KN' => array(<br />
'name' => 'Kwaaknet.org',<br />
'server' => 'irc.kwaaknet.org',<br />
'port' => 6667,<br />
'nick' => 'IRCRelay',<br />
'channels' => array(<br />
'#ircrelay' => array('display' => 'KN', 'link' => 'main'),<br />
),<br />
), 'FN' => array(<br />
'name' => 'freenode',<br />
'server' => 'irc.freenode.net',<br />
'nick' => 'IRCRelay',<br />
'channels' => array(<br />
'#ircrelay' => array('display' => 'AN', 'link' => 'main'),<br />
),<br />
),<br />
),<br />
);</nowiki></pre></div>Adminhttp://wiki.ucis.nl/index.php?title=Main_Page&diff=88Main Page2022-11-09T14:49:53Z<p>Admin: 3 revisions imported</p>
<hr />
<div>== Categories ==<br />
*[[Projects]] - About my projects =)<br />
*[[GlobalTuners]]<br />
*[[Anonet]]<br />
<br />
== Links ==<br />
*[http://www.ufo-net.nl/ UFO-Net.nl] - Mijn persoonlijke website<br />
*[http://www.ucis.nl/ UCIS.nl] - Mijn bedrijfswebsite<br />
*[http://www.globaltuners.com/ GlobalTuners.com] - On-line afstandsbestuurbare radio-ontvangers<br />
<br />
== External links ==<br />
*[http://www.meertens.knaw.nl/nfb/ Nederlandse Familienamenbank]<br />
<br />
== Contact ==<br />
*IRC: [http://webchat.kwaaknet.org/ IRC.UFO-Net.nl #Chat]<br />
*Email: Ivo@UFO-Net.nl</div>Adminhttp://wiki.ucis.nl/index.php?title=GlobalTuners:Userlevels&diff=84GlobalTuners:Userlevels2022-11-09T14:49:53Z<p>Admin: 1 revision imported</p>
<hr />
<div>The user levels, and their capabilities need to be changed. 'Admins' should have only a bare minimum of permissions and should not be able to do things we don't want them to - mostly uncommon but important tasks - they can always ask someone else to do it.<br />
<br />
Every account has one of the following user levels:<br />
= User level Display as (to normal users) Prefix<br />
External user (no account) - - ([unregisted] suffix)<br />
Banned Banned<br />
Awaiting e-mail activation Unconfirmed user<br />
Awaiting admin activation Unconfirmed user<br />
Trial user New user [T]<br />
Normal user Registered user [R] (optional)<br />
New site operator Site operator %<br />
Site operator Site operator %<br />
Support team Support team @<br />
User administration User administration @<br />
Moderators Administrator @<br />
Admin Administrator @<br />
SuperAdmin Administrator @<br />
* 'User level' indicates the internal code as used by the team<br />
* 'Display as' indicates how the user level is indicated to non-admin users<br />
* 'Prefix' indicates the prefix in the user list in the receiver interface, the default suffix is [Location, Country]<br />
<br />
<br />
Privileged actions and the required minimum user level:<br />
= Action Minimum level<br />
Request support Logged in<br />
Write forum post Trial user<br />
Read user info Trial user<br />
Tune receiver (limited) Trial user<br />
Tune receiver Normal user<br />
Kick user New site operator<br />
Login with lower level (for tests) Site operator<br />
Tune receiver (unlimited) Site operator<br />
Temp ban user Site operator<br />
Support Support team<br />
Perm ban user Support team<br />
Restore user password User administration<br />
Change user profile User administration<br />
Activate user User administration<br />
Change user name/email User administration<br />
Global support (access assigned) Moderators<br />
Wiki editor (create/delete) Moderators<br />
Edit any receiver Moderators (Receiver team??)<br />
Forum post moderation (edit/delete) Admin<br />
Forum editor (forums/categories) Admin<br />
Content editor (some pages) Admin<br />
Change user level Admin<br />
Log in as any other user SuperAdmin<br />
<br />
[[Category:GlobalTuners]]</div>Adminhttp://wiki.ucis.nl/index.php?title=GlobalTuners:Newsletter:2&diff=42GlobalTuners:Newsletter:22022-11-09T14:49:52Z<p>Admin: 2 revisions imported</p>
<hr />
<div><pre style="white-space: pre-wrap"><br />
Dear ...,<br />
<br />
More than two years have passed since our last newsletter. In the meantime, we've grown from almost 19 thousand registered users to more than 44 thousand accounts. .........<br />
<br />
We have made a few changes to the website and the systems behind it recently. We have, once again, developed a completely new receiver interface: easier to maintain, providing some new functions, adapting to the receiver and providing shorter audio delays. We've teamed up with the Global Frequency Database to replace the old bandguides and user loggings with a more intuitive and complete frequency database and logging system: keeping a list of favourites, logging a station with a single click, searching through the frequency lists and automatic identification of a station by its frequency are just a few options.<br />
<br />
We've also added IPv6 support to the website. The internet is slowly moving towards this new internet protocol, and we will be ready when your internet service provider switches over. If you have IPv6-connectivity, you can access the site through http://ipv6.globaltuners.com/. If you have no clue what this means, don't worry, we'll be ready for what's going to happen.<br />
<br />
If you happen to have a Facebook account, I would like to invite you to join our Facebook page at http://www.facebook.com/GlobalTuners , where you can share pictures and videos related to GlobalTuners.<br />
<br />
Preparations have been made to allow public access, without registration, to the receivers. This has been requested by a few operators, so they could provide direct access to their receiver. We will probably soon start a test with one publicly accessible receiver. External guest users will have [G] or [E] prefixed before their name and will have limited privileges, so they can not hijack the receiver.<br />
<br />
From now on, we will try to send out a newsletter every month. If you do not want to receive any more newsletters from us, you can easily unsubscribe by clicking the following link: {unsublink}<br />
<br />
Kind regards,<br />
The GlobalTuners team<br />
http://GlobalTuners.com<br />
Support@GlobalTuners.com<br />
</pre></div>Adminhttp://wiki.ucis.nl/index.php?title=GlobalTuners:Newsletter:1&diff=39GlobalTuners:Newsletter:12022-11-09T14:49:52Z<p>Admin: 1 revision imported</p>
<hr />
<div>Dear GlobalTuners (that's you!),<br />
<br />
First of all, we would like to wish you a merry christmas (I know we<br />
are late, but we've been busy, too!) and a happy new year!<br />
<br />
Last year hasn't only be the second year of existence for GlobalTuners,<br />
it's also been a great year. The number of users and receivers has<br />
almost doubled! But still, we can see it's all far from perfect and we<br />
will keep on improving not only our technologies, but also our support<br />
towards you.<br />
<br />
Last year, we've also lost some valuable receivers. We realize that we've<br />
not always been able to help you and answer your questions as needed, but<br />
we hope you can understand that it can be a really time consuming process<br />
to add support for specific receivers, find a stable setup and so on.<br />
Often e-mails get lost or are simply forgotten. We would like to ask you<br />
not to give up that easily and just remind us. An efficient way to contact<br />
us is the Global Chat at http://chat.gtuners.com/ - just ask your question<br />
and someone will answer you as soon as possible.<br />
<br />
We also noticed that the website has lost it's focus - the receivers. We've<br />
been working on that as well and we will proudly present the result to you<br />
next year. The result will be released some time on 1. january 2010,<br />
between 12:00 and 23:00 GMT, depending on the quality of Ivo's New Year party<br />
- make sure to check it out!<br />
<br />
Some of you have asked if there's a possibility to make a donation to support<br />
GlobalTuners. Well, there still isn't. However, there are a few ways you<br />
can help GlobalTuners. If you really want to make a financial donation,<br />
you may choose to support one of our Site Operators so they can keep their<br />
receivers on-line. Another way to help GlobalTuners is to just spread the<br />
word. Tell the world about GlobalTuners: invite your friends, write articles,<br />
create YouTube movies or even just link to GlobalTuners from your own website.<br />
If you send us a link to your article, movie or website we will add a link<br />
to your work somewhere on GlobalTuners.<br />
<br />
If you happen to have a Facebook account, you may want to join our Facebook<br />
group on http://fb.gtuners.com to get in touch with other members and share<br />
pictures and videos.<br />
<br />
From now on, we will try to send out a newsletter every month. If you do not<br />
want to receive any more newsletters from us, you can easily unsubscribe by<br />
clicking the following link:<br />
{unsublink}<br />
<br />
We wish you all a happy new year with many new contacts - be it on the radio,<br />
the internet or in "real life".<br />
<br />
Kind regards,<br />
<br />
The GlobalTuners team<br />
http://GlobalTuners.com<br />
Support@GlobalTuners.com<br />
<br />
<br />
<br />
<br />
[[Category:GlobalTuners]]<br />
[[Category:GlobalTuners:Newsletter]]</div>Adminhttp://wiki.ucis.nl/index.php?title=GlobalTuners:Changes&diff=35GlobalTuners:Changes2022-11-09T14:49:52Z<p>Admin: 1 revision imported</p>
<hr />
<div>== Tim @ 2009-12-01 17:48 ==<br />
Regarding why site operators and their radio systems may be coming-and-leaving the GT site. I would be happier if the site was more sensitive to the site operators' needs, it's the site ops that very much make the site what it is, after all.<br />
<br />
# It is difficult to understand, why the site's management (sorry, but this includes Ivo) will find time to answer plain users' support tickets sent via the GT support system, but will not answer for weeks just as old support tickets via the GT support system sent by site operators, or tickets that had been assigned to Ivo (e.g. re. London nodes). People can obviously feel ignored, it's been mentioned in a recent support ticket, e.g re. London nodes and not only.<br />
# It would be encouraging to see the key site figures (especially decision makers as Ivo) to be involved in this thread, rather than just some few of us who cannot form site-policies and cannot hence make any difference.<br />
# Site operators, for the site's benefit, leave antennas connected to expensive equipment, either when they are at work or when they are asleep, 24/7. Any, e.g. electric discharge, could zap multiple expensive radios, computers, if not more. We know of radios that have already been fried, and never came back to GT.<br />
#* It would be helpful to understand why the site (management) takes no position regarding either the expenses issues, or rare d-x country or red-hot nodes leaving the site, or the risks we are taking on a daily basis. Would this encourage anyone to set up a new node (e.g. Oxford), if one knows they are left on their own in the cold, when it comes to footing all the bills? Why pay if mostly noone else pays, or is even given the option to be reliably supported by the very site itself?<br />
<br />
Being upfront and straightforward, I would love to see the site one day,<br />
# Being more mindful to its site operators so that they feel valued at least by the site if not by its thousands of users. Nearly no-one from our "18154" member base -apart from Admin Bjorn- responded to Hong-Kong's return, as if it had made no difference? See: www.globaltuners.com/forum/thread.php?tid=483<br />
# Giving some financial support option to the site ops IF they may need it, either as site-advert revenues, or a time-charge-system to use specific radios who choose this option or equipment donation to African, Asian developing countries, (always as an available option), or any idea that our Forum will generate some more reliable income than the optional PayPal Donate button, which as we know, is statistically is ignored. I can't see any problems for anyone if we had a MIXED system of free and properly (not just optional Donate PayPal) financially supported nodes. People could pick and choose, freely, usually what we pay is what we get, sadly..<br />
# Seeing the site actively chase site operators back to the site (and sharing this info with the Forum) especially when it comes to very sought after areas such as Afghanistan, or Metropolitan areas! We need a leaver's inteveriew, not only welcoming people to the site, but also showing that we care, parting as friends who are likely to one day return and bring more fellows along.<br />
# I have reservations about the "Top List" statistic.. Yes, it may create "competition", among site operators to improve etc etc..but it also has flaws: <br />
#* It doesn't really log reliably, when you see people appearing to be logged on the radio (even in the Status sometimes) and the very users saying in support tickets they have logged out hours ago.<br />
#* Who would be really encouraged to leave their radio on the GT site if it's at around bottom of the "Top-List"? ? It can be pretty demoralizing and we know that it has sadly led people to remove their radios from the site, they've said it in the Forum and/or the News..<br />
#* Instead I would much rather see synergy, not competition among us and instead of being "ranked" in some "Top List" we could have a counter per node for the eyes only of the site-op and/or Admins to monitor site traffic, a much more discreet and less embarrassing system. This would also encourage users to explore the "small fry"rather than the "big guns".<br />
<br />
<br />
== Ivo @ 2009-12-01 23:35 ==<br />
* I will currently consider us four (Ivo, Tim, Steve, Sven) the 'core team' because you are all very active and are probably the people I know best around here. Not to imply that any other admin is less important, but I think we need to get responsabilities right before we can really change anything.<br />
* It's clear that none of us can take all the work that comes with GlobalTuners all alone. We need a strong team with good internal communications. A long time ago, when GlobalTuners just took off, there were a few teams with clear responsabilities; even though not everbody was active, it sort of worked.<br />
* Many of the team members have become less active, tasks are not clear anymore and because of the lack of decent internal communications and any possibility to make notes about users and receivers. To be honest, I do not even know many site operators and have to look in 10 places to find out what has been going on in the past with their node.<br />
<br />
What I think that has to be done (at least, and to start):<br />
# Clear up responsabilities, perhaps by (re)forming a few teams, with only really active people<br />
# Improve internal communications through the use of team-specific mailing lists, a system to add internal comments to users and receivers<br />
# Improve internal relations, perhaps by allowing site operators and admins to write something about theirselves, add a picture, and promote the IRC crew chat (!)<br />
# Make clear to the users where they can direct their questions about specific subjects (team mailing lists? some more advanced ticket-system? a combination of both?)<br />
# Share knowledge (software, issues, etc) with the team, perhaps using some sort of wiki style documentation (allow to quickly write a howto or document stuff so other admins can easily find that information)<br />
# Look for new people among the site operators and active users who want to activily participate<br />
# I also think we need to clean up the admin team<br />
<br />
Only then, I think, we can manage these 18k users and 60+ receivers and allow the site to grow once again. Right now we simply do not have sufficient people and time, at least it is not properly used.<br />
<br />
Re. #4: the top list was never invented to create competition. It has existed in the DXTuners times and was actually requested by some users and siteops I think. Some of them seem to live for the statistics, even though they don't mean much. Maybe it should be removed. At leatst I would love to see a 'Receiver of the week' - bring some extra attention to one specific (less popular or just new) receiver by promoting it on the front page. This should include some more detailed information about the location, but more important, what can be received. And it takes time to write this...<br />
<br />
At the moment I don't feel much for paid receivers; they will likely be less popular and certainly introduce a lot more administrative work, and as some users suggest - paying users will EXPECT us to always deliver the service 'they pay for'. But we can certainly discuss this. Perhaps we could collect donations and advertisement income to cover some costs (how do we determine who needs the money?) and get some sponsoring for receivers on interesting locations.<br />
<br />
== Sven @ 2009-12-02 9:40 ==<br />
* Re: responsabilities: Maybe anyone of us should tell what he can do best in this vast project. I also think these responsibilities should be propagated on the website so anyone can see. Also, a list of spoken languages by those guys could be helpful. As we all know we got a bunch of people who can't even speak engrish. I don't see a problem if a ticket is managed in french (although ANYONE out there knows I don't speak that language ;)). Of course, english is preferred and the best choice to get the best support as more people understand.<br />
* Re: share knowledge: Very good idea, Ivo!<br />
* Re: toplist: The "Receiver of the Week" is a cool idea, it could also motivate site-ops to improve their nodes. Re the top list and a ranking..hrm. It's clear there are differences between several nodes. NW CT is one of the amazing ones, same as Albany. I was thinking of a different kind of ranking, but this idea has to be developed further. As of now, how's that: have an [[receiver assessment]] based on points, similar to how spamassassin works (and weight watchers, too ;)). I.e., an IC765 beats a PCR1k, hence gets more points. Other facts to include are the location, antennas, availability, etc (what else? Contributions welcome.)<br />
* Re: paid receivers: I'm sure we'd lose a huge bunch of users if we switch to a paid service and I fully understand your position, Ivo. On the other hand, equipment costs money, not too less in some cases. BUT..if we pay people to have their receivers at GT, how can we make sure they keep their radios running for the public?<br />
<br />
A good way of raising funds is in fact [[Adsense]]. I've made several<br />
experiments with during the last 18 months and I'm now able to tell what<br />
positions on a site (and what ad format) work best. GT is already using<br />
Adsense, but I'm sure there are ways to improve it.<br />
<br />
== Ivo @ 2009-12-03 ==<br />
Some other comments from the forum thread that started all this:<br />
* oldtimer indicates that he had to shut a receiver down because of excessive charges from his ISP (did he use relaying?)<br />
* Rick_DX indicates that he would be interested in making a donation if that would have saved a few receivers - but he didn't know<br />
* Rick_DX indicates that he is only interested in a very few receivers<br />
* Backstreets suggests to take al ook at www.chipin.com for payments/donations, because of their countdown function, it uses paypal btw<br />
* Tim suggests: that two categories of radios are established: pay-to-use and free-to-use? Or maybe setup a Global Tuners support fund? Or perhaps Internet / Google ads played per radio-node could generate some contribution for the site (node) operators ?<br />
* ku4a suggests that site operators could be allowed (optionally) to charge a fee, he also indicates that it would obligate the operators to keep the receivers online<br />
* Too much text to handle in the forum... getting a headache...<br />
<br />
* Luc suggests to allow operators to explain why they leave to better understand the situation<br />
* Luc: Maybe one of the team could try to contact every node operator to peacefully ask why they left the network, or make an online survey they can fill so we can better understand the situation. Maybe we could have a tread explaining the reason each node left when operator agre to tell it publicly.<br />
** Ivo: One problem here is that we don't even know they have left (at least, I don't)...<br />
* ku4a: Vitesse, that is a very good point. I think Ivo has canvassed the offline node owners before, but it might be time to do it again. It would be interesting to see what the reasons are. Then, perhaps there is something that could be done to fix the problem.<br />
** Ivo: No, I haven't, at least not after they moved from DxTuners to GT. They are all on the siteop.users mailing list, but don't respons for some reason. Such e-mails have been sent to this list.<br />
* SDSpike suggests to ask operators why they want to JOIN<br />
* SDSpike: I believe alot of node owners don't know what to expect when they set one up. And when they find out that their node is not used as much as they thought or it's used for recieving things THEY don't think is worthy of listening to they leave. Say air traffic when they aren't in into air traffic.<br />
* SDSpike: They're those people who have no idea what a mode is) don't get it, you won't get their useage. ( If that's what your aiming for)<br />
** Ivo: I want a few instructive movies on youtube - just step by step guides starting with the very basics (sign up..?) and eventually explaining the most advanced features.<br />
* SDSpike: Try to be different and offer something others don't have to listen to. This is where your local content comes in. Police,fire,BC radio,ham radio,whatever. You may have to search it out. YOu'll learn something new.<br />
** Ivo: We need some kind of stimulation. Personal e-mail and chat sessions and clear explanations of what we expect and how to acomplish that... and assistance.<br />
* SDSpike: About the bandguide. Create at least a basic one. get those of use who'd like to listen to what's in your area someplace to start.<br />
* PaulD: I do not believe in the top list to be honest, as you say it is not reliable, and I also thinks it does not encorage to leave receivers online. If anything probably discorage.<br />
* PaulD: I do not like forums that much, but will try and get to the support tickets if no-one else has beaten me to it!!! Obviously work is priority! (I think).<br />
* PaulD: I think the full problem is the old faithful Communication Skills. It would be nice whenever possible to keep us and fellow users informed about their receivers.<br />
* PaulD: Do we know who is actually "Admin" and or "Site Ops" and who does what? Because I sure don't!!! Just a thought<br />
** Ivo: we should reduce the number of 'admins'. IMO an Admin is someone who is required for the site to function and is active at least on a daily basis. Just a few people, so they are easy to find and everyone knows them. All other 'administrative' tasks should be moved to separate roles (Moderator/Site operator).<br />
** Ivo: Somehow we (I at least) should get to know the site operators better<br />
* Tim: Again, I am not speaking on behalf of anyone else, and don't have evidence if £/$ is the reason behind other site operators' decisions to come-and-go, but I certainly understand that no-one can realistically expect in perpetuum something-for-nothing.<br />
* Tim: Good point this URL, Tom, makes one feel like winning these Afghanistan, Malaysia etc dx rare nodes back, what a joy this would be! <br />
** Ivo: Many of these nodes have unfortunately never been online. Somehow they did not finish the installation procedure and at least many of them need to be contacted afterwards to set things up - lots of work, which only a few people have any experience with.<br />
* Ivo: I see many users registering and 'sharing their receiver' on one single day. Many of them don't ever come back... Not even to listen.<br />
<br />
[[Category:GlobalTuners]]</div>Adminhttp://wiki.ucis.nl/index.php?title=GlobalTuners&diff=33GlobalTuners2022-11-09T14:49:52Z<p>Admin: 1 revision imported</p>
<hr />
<div>== Wat is GlobalTuners? ==<br />
GlobalTuners is een website waar mensen hun radio-ontvangers kunnen delen. Bezoekers van de website kunnen deze ontvangers vervolgens via het internet bedienen en beluisteren. Over het algemeen zijn deze ontvangers gericht op een breed publiek, de meeste ontvangers kunnen bijvoorbeeld onder andere FM-radio, AM-radio, luchtvaartverkeer, amateurzenders en tijdbakens ontvangen. Deze ontvangers zijn over het algemeen niet goedkoop en staan ondanks dat toch een groot deel van de tijd stil in de kast. Door de ontvangers beschikbaar te maken via GlobalTuners kunnen anderen, die geen geld of simpelweg onvoldoende interesse hebben om zelf een ontvanger te kopen, toch in contact komen met het radiospectrum.<br />
<br />
Door het internationale karakter biedt de site ook mogelijkheden voor een grote groep enthousiaste radioluisteraars en zendamateurs. Zij kunnen signalen (inclusief hun eigen signalen) op andere locaties ontvangen, met opstellingen die zij zelf vaak (om financiële redenen, door de omgeving of gewoon door ruimtegebrek) niet kunnen realiseren.<br />
<br />
== In the beginning... ==<br />
Ruim tien jaar ontwikkelde Kelly Lindman uit Zweden een toepassing om zijn eigen radio-ontvanger, een ICom PCR-1000, via internet te kunnen bedienen, voor eigen gebruik. Vrienden van Kelly raakten echter ook geïnteresseerd en al snel groeide het project uit tot een grote, commerciële website, DXTuners.com. Ik heb mijn ontvanger, ook een PCR-1000, destijds beschikbaar gesteld via DXTuners, omdat deze bij mij toch vooral lag te verstoffen, en omdat ik zelf op zoek was naar een oplossing om mijn ontvanger via internet te gebruiken. Enkele laren geleden besloot Kelly om het gebruik van de website gratis te maken. Eind 2007 raakte ik meer betrokken bij DXTuners en ben ik begonnen met het ontwikkelen van nieuwe server-software. Deze software had in het begin nogal eens problemen (net als de oude software overigens), maar bood wel ondersteuning voor Windows en was gericht op een beter veiligheidsmodel. Vervolgens heb ik het beheer van de website grotendeels overgenomen, waarna Kelly kon beginnen aan een nieuw project: HamSphere. Omdat ik niet erg tevreden was met de oude website, en vooral de implementatie in Java, heb ik ook deze volledig herschreven in PHP. Inmiddels is GlobalTuners al iets meer dan een jaar on-line.</div>Adminhttp://wiki.ucis.nl/index.php?title=Anonet/Peering&diff=31Anonet/Peering2022-11-09T14:49:52Z<p>Admin: 3 revisions imported</p>
<hr />
<div>This page will guide you through the process of setting up your first peering on [[Anonet]]. It may also serve as a reference for later, when something needs to be changed or peerings need to be added.<br />
<br />
This article assumes you're using a Debian style operating system (Debian, Linux Mint, Ubuntu) and will use Debian style configuration. There are other ways to implement the same configuration, but those are not discussed here.<br />
<br />
== What is peering? ==<br />
Peering is the process of adding peers. Peer usually refers to a BGP peer. The first time you do so, you will probably have to configure a lot to setup a framework for other peerings. BGP peering implies that your system will become a router, routing traffic for your own subnetwork and possibly also routing transit traffic for others.<br />
<br />
To start peering, you will have to find a peer: a person with a system that is already connected to Anonet, to which you will connect. Usually, you can just ask on IRC in #anonet.<br />
<br />
== Claiming resources ==<br />
<br />
<br />
== VPN tunnel ==<br />
You will need to setup a VPN tunnel with your peer to safely route packets. The most common one on Anonet is [[QuickTun]], although other options like OpenVPN and Tinc are possible too. This article shows how to setup QuickTun.<br />
<br />
You can install QuickTun from the "official" apt.ucis.nl Debian repository, or build it from source.<br />
<br />
=== Installing QuickTun from the Debian repository ===<br />
Run the following commands, as root (login as root or run "su bash"):<br />
wget -q http://apt.ucis.nl/IvoSmits.asc -O- | apt-key add -<br />
echo "deb http://apt.ucis.nl/ current ucis" >> /etc/apt/sources.list<br />
apt-get update<br />
apt-get install quicktun<br />
<br />
=== Installing QuickTun from source ===<br />
sudo apt-get install gcc fakeroot dpkg<br />
wget http://oss.ucis.nl/quicktun/src/quicktun.tgz -O- | tar -xvz<br />
cd quicktun*<br />
./build.sh<br />
sudo dpkg -i out/quicktun*.deb<br />
<br />
=== Configuring QuickTun ===<br />
You will have to select an IP address to use on your router. It is recommended to use one IP address from the subnet you claimed earlier, we will assume 1.2.3.1. You will also have to decide on a local port number to use for the VPN tunnel. This can be any number between 1024 and roughly 64000; some people prefer to derive the port number from the AS number of the peer while others just number sequentially. We will use 41112 in this example. It's up to you, just as long as it's not in use by anything else (including other peerings). When you have that, you can create a key pair using the following command:<br />
/usr/sbin/quicktun.keypair < /dev/urandom<br />
You can now tell your peer the following information, preferably over a secure channel, so that your peer can begin setting up his end:<br />
- Your internet IP address or dynamic DNS name (only if the IP is more or less static)<br />
- The port number you chose (eg 41112)<br />
- The PUBLIC key generated earlier (the SECRET key is SECRET! Do not give it to anyone!)<br />
- The internal IP address of your router (eg 1.2.3.1)<br />
Your peer should provide you with the same information about his end.<br />
<br />
You can now configure the tunnel. Open /etc/network/interfaces in your favorite text editor, as root. Then add the following lines at the end:<br />
auto tun.<PEERNAME><br />
iface tun.<PEERNAME> inet static<br />
address <INTERNAL-IP-ADDRESS-OF-LOCAL-ROUTER><br />
pointopoint <INTERNAL-IP-ADDRESS-OF-PEER-ROUTER><br />
netmask 255.255.255.255<br />
qt_tun_mode 1<br />
qt_protocol nacltai<br />
qt_remote_address <INTERNET-IP-ADDRESS-OR-HOSTNAME-OF-PEER><br />
qt_remote_port <VPN-PORT-OF-PEER><br />
qt_local_address <LOCAL-IP-ADDRESS><br />
qt_local_port <LOCAL-VPN-PORT><br />
qt_private_key <SECRET-KEY><br />
qt_public_key <PEER-PUBLIC-KEY><br />
- <PEERNAME> is a simple name for the connection. It should be short and contain only alphanumeric characters (a-z, A-Z, 0-9). Some people use the peer's AS number here, eg as1112.<br />
- <INTERNAL-IP-ADDRESS-OF-LOCAL-ROUTER> is the internal IP address you chose for your router, in this example it would be 1.2.3.4<br />
- <INTERNET-IP-ADDRESS-OR-HOSTNAME-OF-PEER> is the public internet IP address or dynamid DNS name of your peer; set to 0.0.0.0 if unknown or dynamic<br />
- <LOCAL-IP-ADDRESS> is the local IP address for outside of the VPN tunnel; set to 0.0.0.0 if unknown or dynamic<br />
- <SECRET-KEY> is the SECRET key generated by quicktun.keypair<br />
- <PEER-PUBLIC-KEY> is the public key provided by your peer<br />
<br />
Save the file. Now run the command "ifup tun.<PEERNAME>". When your peer has also started his tunnel, you should be able to "ping <INTERNAL-IP-ADDRESS-OF-PEER-ROUTER>". If this does not work, you can check syslog ("tail /var/log/syslog") for QuickTun errors.<br />
<br />
== BGP routing ==<br />
sudo apt-get install bird<br />
sudo nano /etc/bird.conf<br />
/etc/init.d/bird restart<br />
birdc show protocols<br />
<br />
== DNS setup ==<br />
<br />
== Firewall ==<br />
== Enable IP forwarding ==<br />
== Get more peers! ==</div>Adminhttp://wiki.ucis.nl/index.php?title=Anonet/Internetaccess&diff=27Anonet/Internetaccess2022-11-09T14:49:52Z<p>Admin: 4 revisions imported</p>
<hr />
<div>There are various ways to access the internet from within Anonet.<br />
<br />
== CGIProxy ==<br />
The CGIProxy is a great tool for browsing internet websites occasionally. It uses the Tor access described below. No configuration is needed, but it won't work for all websites.<br />
* http://cgiproxy.ucis.ano/<br />
<br />
== Tor (SOCKS/HTTP) proxy ==<br />
Some people run a Tor 'entry' node for public Anonet access. In addition, some people run some kind of HTTP proxy in front of their Tor server.<br />
* Tor socks proxy: 10.11.5.72:9050<br />
* HTTP proxy: http://1.3.3.64:8118/<br />
<br />
== Routed NAT access ==<br />
=== Directly peered ===<br />
If you're peered to AS1112 / 1.3.3.130, you can use that router as an internet gateway. Simply add a route for the internet destination (0.0.0.0/0) to the tunnel (1.3.3.130).<br />
<br />
=== Not directly peered ===<br />
There's a router on Anonet that provides direct NAT'ed internet access. To use it, you will need to set up a QuickTun tunnel for sending, like this:<br />
#!/bin/sh<br />
export IF_QT_REMOTE_ADDRESS=1.3.3.9<br />
export IF_QT_LOCAL_PORT=0<br />
export IF_QT_REMOTE_PORT=2998<br />
export IF_QT_TUN_MODE=1<br />
export IF_QT_PROTOCOL=raw<br />
export IFACE=tun2<br />
(sleep 1; ip link set $IFACE up; ip addr add 1.3.3.64/32 dev $IFACE; ip route add default dev $IFACE src 1.3.3.64) &<br />
quicktun.debian<br />
<br />
Note that 1.3.3.64 should be replaced (twice) with one of your own IP addresses, which is already routed to that machine (for return data). You can also replace the default keyword with some IP address or IP network to use the tunnel for only that particular address/network.</div>Adminhttp://wiki.ucis.nl/index.php?title=Anonet/BIRD&diff=22Anonet/BIRD2022-11-09T14:49:52Z<p>Admin: 2 revisions imported</p>
<hr />
<div>This normally goes in /etc/bird.conf:<br />
<pre><br />
log syslog { debug, trace, info, remote, error, auth, fatal, bug };<br />
<br />
#Your router ID is formatted as an IP address. It should be unique, so you should use one of your local IP addresses.<br />
router id 21.2.3.4;<br />
<br />
#This filter allows prefixes in dn42, as well as the big anonet network<br />
filter dn42 {<br />
if net = 172.16.0.0/12 then reject;<br />
if net = 172.22.0.0/15 then reject;<br />
if net ~ 172.16.0.0/12 then accept;<br />
if net = 21.0.0.0/8 then accept;<br />
reject;<br />
}<br />
#This filter allows prefixes in anonet, as well as the big dn42 network<br />
filter anonet {<br />
if net = 21.0.0.0/8 then reject;<br />
if net ~ 21.0.0.0/8 then accept;<br />
if net = 172.16.0.0/12 then accept;<br />
if net = 172.22.0.0/15 then accept;<br />
reject;<br />
}<br />
<br />
protocol kernel {<br />
# learn; # Learn all alien routes from the kernel<br />
persist; # Don't remove routes on bird shutdown<br />
scan time 20; # Scan kernel routing table every 20 seconds<br />
# import none; # Default is import all<br />
import all;<br />
export all; # Default is export none<br />
}<br />
<br />
protocol device {<br />
scan time 30; # Scan interfaces every 10 seconds<br />
}<br />
<br />
#This is where we define our local network. If you just use the network only<br />
#on this host, or use individual IP addresses, use the reject statement.<br />
#Alternatively, you can route your entire subnetwork to a specific interface.<br />
protocol static {<br />
route 21.2.3.0/24 reject;<br />
# route 21.2.3.0/24 via "eth0";<br />
}<br />
<br />
#This is a peering with a trusted machine, we exchange all routes<br />
#Jupiter is just a name we give this connection, for use in the<br />
#interactive control shell 'birdc'.<br />
#protocol bgp jupiter {<br />
# local as 64530;<br />
# neighbor 10.11.1.2 as 64521;<br />
# import all; export all;<br />
#}<br />
<br />
#This is a peering with an anonet peer<br />
protocol bgp as1112 {<br />
local as 1234;<br />
neighbor 21.82.98.2 as 1112;<br />
export filter anonet; import filter anonet;<br />
}<br />
<br />
#To add another anonet peer, add another protocol block.<br />
</pre></div>Adminhttp://wiki.ucis.nl/index.php?title=Anonet&diff=19Anonet2022-11-09T14:49:52Z<p>Admin: 11 revisions imported</p>
<hr />
<div>=== About Anonet ===<br />
Anonet is a decentralized IP based darknet. It's implemented as a bunch of (mostly peer to peer) VPN tunnels over the internet, and (usually Linux based) BGP speaking IP (mostly IPv4) routers.<br />
<br />
Anonet has claimed the IPv4 subnetwork 21.0.0.0/8 to provide every participant with sufficient IPv4 addresses to address the entire network with 'publicly' routable IP addresses. There's usually no need for NAT on Anonet, and people tend to use it to connect to their own computers from locations that would otherwise not allow them to do so (think breaking through firewalls).<br />
<br />
Anonet's ultimate goal is to replace the internet as we know it, to provide everybody with a free (freedom of speech) and censorship resistant network, without one ever growing centralized government. Whether this will ever happen is unsure, but resistance against control and censorship by our governments is definitely growing.<br />
<br />
If you're not in for the freedom, not all hope is lost yet. Anonet is a great place to learn about- and experiment with all kinds of computer networking concepts and technologies. As a participant, you will learn a lot about Virtual Private Networks, BGP, IP routing, Linux, programming and computer networking in general. You can freely deploy your own experimental services, protocols and applications. We're currently using it as a testbed for both [[QuickTun]] and [[VNE]].<br />
<br />
=== Getting started ===<br />
The best way to get started on anonet is probably to join our IRC chat. You can do so from the internet by visiting irc://irc.kwaaknet.org/anonet or http://webchat.kwaaknet.org/?c=anonet. (WARNING! These servers will expose your IP address!) Alternatively, you can hop on straight onto the Client Port, which is simply a public VPN server. Detailed instructions for connecting are listed at http://ix.ucis.nl/clientport.php. Once connected, you can join our chat on irc://21.3.3.7/anonet. More information about Anonet and client ports is available at http://www.anonet.org/.<br />
<br />
=== AnoNet on Windows ===<br />
If you want to participate in AnoNet using a Windows system, you have a few options. You can run Linux using virtualization software like VirtualBox or CoLinux. Or you can use the [[VNE/DNRouter]] software, which has everything you need in a single binary.<br />
<br />
=== Anonet public services ===<br />
*http://ix.ucis.nl/<br />
*http://x5yd2gfthlfgdqjg.onion/ - Web proxy into Anonet<br />
<br />
=== Anonet internal services ===<br />
*http://www.ucis.ano/ - personal homepage including anonet looking glass, BGP graph, resource database<br />
*http://wiki.ucis.ano/ - this wiki<br />
*http://marc.ucis.ano/ - Web interface to the resource database<br />
*http://ix.ucis.ano/ - informative / router looking glass<br />
*http://wikileaks.ucis.ano/ - partial and outdated WikiLeaks mirror<br />
*irc://irc.kwaaknet.ano/anonet - Kwaaknet.org IRC network<br />
*[http://delta.ucis.ano:9091/?channels=anonet http://delta.ucis.ano:9091/] - Kwaaknet.org webchat<br />
*21.3.3.64 - Public DNS recursor (.ano, .dn42, ICANN TLDs)<br />
*21.3.3.67 - .ano TLD server<br />
<br />
=== Anonet internal services by others ===<br />
*http://www.sfor.ano/ - Personal homepage including Pastebin, wiki, webchat, forum, git hosting, e-mail hosting and more<br />
<br />
=== Anonet related articles ===<br />
*[[IRCRelay]] - IRC relay software to forward messages among channels on different IRC networks<br />
*[[VANet]]<br />
*[[QuickTun]] - Simple and secure VPN software<br />
*[[VNE]] - User-space networking environment including TCP/IP stack in C#<br />
*[[Peer2Cloud]]<br />
*[[UDPMSG3]] - Decentralized, "fail-safe" broadcast protocol<br />
*[[MARC]] - Magic Anonet Resource Claims system<br />
*[[Anonet/BIRD|BIRD router example configuration]]<br />
*[[Anonet/Internetaccess|Accessing the internet from Anonet]]</div>Adminhttp://wiki.ucis.nl/index.php?title=Category:GlobalTuners:Receivers&diff=5Category:GlobalTuners:Receivers2022-11-09T14:49:52Z<p>Admin: 1 revision imported</p>
<hr />
<div>[[Category:GlobalTuners]]</div>Adminhttp://wiki.ucis.nl/index.php?title=Category:GlobalTuners&diff=3Category:GlobalTuners2022-11-09T14:49:52Z<p>Admin: 1 revision imported</p>
<hr />
<div>GlobalTuners related notices should link to this page, you can do this by writing <nowiki>[[Category:GlobalTuners]]</nowiki> at the bottom of your page.</div>Adminhttp://wiki.ucis.nl/index.php?title=Anonet&diff=18Anonet2017-03-18T12:01:14Z<p>Admin: </p>
<hr />
<div>=== About Anonet ===<br />
Anonet is a decentralized IP based darknet. It's implemented as a bunch of (mostly peer to peer) VPN tunnels over the internet, and (usually Linux based) BGP speaking IP (mostly IPv4) routers.<br />
<br />
Anonet has claimed the IPv4 subnetwork 21.0.0.0/8 to provide every participant with sufficient IPv4 addresses to address the entire network with 'publicly' routable IP addresses. There's usually no need for NAT on Anonet, and people tend to use it to connect to their own computers from locations that would otherwise not allow them to do so (think breaking through firewalls).<br />
<br />
Anonet's ultimate goal is to replace the internet as we know it, to provide everybody with a free (freedom of speech) and censorship resistant network, without one ever growing centralized government. Whether this will ever happen is unsure, but resistance against control and censorship by our governments is definitely growing.<br />
<br />
If you're not in for the freedom, not all hope is lost yet. Anonet is a great place to learn about- and experiment with all kinds of computer networking concepts and technologies. As a participant, you will learn a lot about Virtual Private Networks, BGP, IP routing, Linux, programming and computer networking in general. You can freely deploy your own experimental services, protocols and applications. We're currently using it as a testbed for both [[QuickTun]] and [[VNE]].<br />
<br />
=== Getting started ===<br />
The best way to get started on anonet is probably to join our IRC chat. You can do so from the internet by visiting irc://irc.kwaaknet.org/anonet or http://webchat.kwaaknet.org/?c=anonet. (WARNING! These servers will expose your IP address!) Alternatively, you can hop on straight onto the Client Port, which is simply a public VPN server. Detailed instructions for connecting are listed at http://ix.ucis.nl/clientport.php. Once connected, you can join our chat on irc://21.3.3.7/anonet. More information about Anonet and client ports is available at http://www.anonet.org/.<br />
<br />
=== AnoNet on Windows ===<br />
If you want to participate in AnoNet using a Windows system, you have a few options. You can run Linux using virtualization software like VirtualBox or CoLinux. Or you can use the [[VNE/DNRouter]] software, which has everything you need in a single binary.<br />
<br />
=== Anonet public services ===<br />
*http://ix.ucis.nl/<br />
*http://x5yd2gfthlfgdqjg.onion/ - Web proxy into Anonet<br />
<br />
=== Anonet internal services ===<br />
*http://www.ucis.ano/ - personal homepage including anonet looking glass, BGP graph, resource database<br />
*http://wiki.ucis.ano/ - this wiki<br />
*http://marc.ucis.ano/ - Web interface to the resource database<br />
*http://ix.ucis.ano/ - informative / router looking glass<br />
*http://wikileaks.ucis.ano/ - partial and outdated WikiLeaks mirror<br />
*irc://irc.kwaaknet.ano/anonet - Kwaaknet.org IRC network<br />
*[http://delta.ucis.ano:9091/?channels=anonet http://delta.ucis.ano:9091/] - Kwaaknet.org webchat<br />
*21.3.3.64 - Public DNS recursor (.ano, .dn42, ICANN TLDs)<br />
*21.3.3.67 - .ano TLD server<br />
<br />
=== Anonet internal services by others ===<br />
*http://www.sfor.ano/ - Personal homepage including Pastebin, wiki, webchat, forum, git hosting, e-mail hosting and more<br />
<br />
=== Anonet related articles ===<br />
*[[IRCRelay]] - IRC relay software to forward messages among channels on different IRC networks<br />
*[[VANet]]<br />
*[[QuickTun]] - Simple and secure VPN software<br />
*[[VNE]] - User-space networking environment including TCP/IP stack in C#<br />
*[[Peer2Cloud]]<br />
*[[UDPMSG3]] - Decentralized, "fail-safe" broadcast protocol<br />
*[[MARC]] - Magic Anonet Resource Claims system<br />
*[[Anonet/BIRD|BIRD router example configuration]]<br />
*[[Anonet/Internetaccess|Accessing the internet from Anonet]]</div>Adminhttp://wiki.ucis.nl/index.php?title=Anonet/BIRD&diff=21Anonet/BIRD2017-03-14T19:21:51Z<p>Admin: </p>
<hr />
<div>This normally goes in /etc/bird.conf:<br />
<pre><br />
log syslog { debug, trace, info, remote, error, auth, fatal, bug };<br />
<br />
#Your router ID is formatted as an IP address. It should be unique, so you should use one of your local IP addresses.<br />
router id 21.2.3.4;<br />
<br />
#This filter allows prefixes in dn42, as well as the big anonet network<br />
filter dn42 {<br />
if net = 172.16.0.0/12 then reject;<br />
if net = 172.22.0.0/15 then reject;<br />
if net ~ 172.16.0.0/12 then accept;<br />
if net = 21.0.0.0/8 then accept;<br />
reject;<br />
}<br />
#This filter allows prefixes in anonet, as well as the big dn42 network<br />
filter anonet {<br />
if net = 21.0.0.0/8 then reject;<br />
if net ~ 21.0.0.0/8 then accept;<br />
if net = 172.16.0.0/12 then accept;<br />
if net = 172.22.0.0/15 then accept;<br />
reject;<br />
}<br />
<br />
protocol kernel {<br />
# learn; # Learn all alien routes from the kernel<br />
persist; # Don't remove routes on bird shutdown<br />
scan time 20; # Scan kernel routing table every 20 seconds<br />
# import none; # Default is import all<br />
import all;<br />
export all; # Default is export none<br />
}<br />
<br />
protocol device {<br />
scan time 30; # Scan interfaces every 10 seconds<br />
}<br />
<br />
#This is where we define our local network. If you just use the network only<br />
#on this host, or use individual IP addresses, use the reject statement.<br />
#Alternatively, you can route your entire subnetwork to a specific interface.<br />
protocol static {<br />
route 21.2.3.0/24 reject;<br />
# route 21.2.3.0/24 via "eth0";<br />
}<br />
<br />
#This is a peering with a trusted machine, we exchange all routes<br />
#Jupiter is just a name we give this connection, for use in the<br />
#interactive control shell 'birdc'.<br />
#protocol bgp jupiter {<br />
# local as 64530;<br />
# neighbor 10.11.1.2 as 64521;<br />
# import all; export all;<br />
#}<br />
<br />
#This is a peering with an anonet peer<br />
protocol bgp as1112 {<br />
local as 1234;<br />
neighbor 21.82.98.2 as 1112;<br />
export filter anonet; import filter anonet;<br />
}<br />
<br />
#To add another anonet peer, add another protocol block.<br />
</pre></div>Adminhttp://wiki.ucis.nl/index.php?title=QuickTun&diff=173QuickTun2017-01-08T13:23:00Z<p>Admin: /* Support QuickTun */</p>
<hr />
<div>QuickTun is probably the simplest VPN tunnel software ever, yet it's very secure. It relies on the [[NaCl]] encryption library by [http://cr.yp.to/ D. J. Bernstein].<br />
<br />
QuickTun uses the [http://nacl.cace-project.eu/box.html curve25519xsalsa20poly1305 crypto-box] functionality of the NaCl library for secure public-key encryption.<br />
<br />
And that's about all QuickTun does; encrypting and sending data. No fancy features which would only lead to bloating the binary. In fact, QuickTun itself has only a few hundred lines of pure C code, making it dead simple to maintain, analyze, debug and fix.<br />
<br />
== Installing QuickTun on Debian/Ubuntu Linux ==<br />
A precompiled package is available in the UCIS.nl apt repository:<br />
wget -q http://apt.ucis.nl/IvoSmits.asc -O- | apt-key add -<br />
echo "deb http://apt.ucis.nl/ current ucis" >> /etc/apt/sources.list<br />
apt-get update<br />
apt-get install quicktun<br />
<br />
If you prefer to compile QuickTun yourself, or if your platform is not covered in our repository, you can follow the steps below (Installing QuickTun on Linux), and either manually copy the files (from out/ and debian/static/etc/) to their destination, or install the generated debian package (dpkg -i out/quicktun*.deb).<br />
<br />
The tunnel can then be configured in the /etc/network/interfaces file:<br />
auto tun0<br />
iface tun0 inet static<br />
address 192.168.77.1<br />
pointopoint 192.168.77.2<br />
netmask 255.255.255.255<br />
qt_tun_mode 1<br />
qt_protocol nacltai<br />
qt_remote_address 1.2.3.4<br />
qt_local_address 9.8.7.6<br />
qt_private_key_file <LOCAL-SECRET-KEY-FILE><br />
qt_public_key <REMOTE-PUBLIC-KEY><br />
See below for supported configuration options. Please note that all options are written in lower case and are prefixed with qt_. The interface name is taken from the 'iface' entry.<br />
<br />
== Installing QuickTun on Linux or BSD ==<br />
Building QuickTun is very simple. Just run the following commands:<br />
wget http://oss.ucis.nl/quicktun/src/quicktun.tgz -O- | tar -xvz<br />
cd quicktun*<br />
./build.sh<br />
<br />
This command will first download and build the NaCl cryptography engine - this will take some time. When done, the out/ directory will contain a few binaries:<br />
* libquicktun.raw - dynamically loadable library which implements the 'raw' unencrypted quicktun protocol<br />
* quicktun.combined - the one you'll probably want to use, has all supported protocols and can be used 'stand alone'<br />
* quicktun.debian - a binary targeting Debian based systems, for optimal integration with Debian's network configuration files<br />
* quicktun.keypair - can be used to generate a public/secret key pair<br />
* quicktun.nacl0 - stand alone binary implementing the nacl0 protocol (NaCl encryption without nonce)<br />
* quicktun.nacltai - stand alone binary implementing the nacltai protocol (NaCl encryption with nonce)<br />
* quicktun.raw - stand alone binary implementing the 'raw' unencrypted protocol<br />
* quicktun-*.tgz - compressed tarball containing the sourcecode and build scripts, for distribution<br />
* quicktun-*.deb - a Debian binary package, only generated on Debian based systems<br />
<br />
You'll most likely want to use the out/quicktun.combined and out/quicktun.keypair executables. You may want to copy them to /usr/sbin.<br />
<br />
== Configuring QuickTun on Linux (non Debian/Ubuntu) ==<br />
QuickTun configuration is usually stored in a shell script like this:<br />
#!/bin/sh<br />
export TUN_MODE=1<br />
export PROTOCOL=nacltai<br />
export REMOTE_ADDRESS=ipaddress-of-remote-end<br />
export LOCAL_ADDRESS=ipaddress-of-local-end<br />
export PRIVATE_KEY=private-key-of-local-end<br />
export PUBLIC_KEY=public-key-of-remote-end<br />
/usr/sbin/quicktun<br />
<br />
Make sure that the script is not publicly readable because it contains the secret key: chmod 700 will do! To start the VPN tunnel, simply run the shellscript. You can also run the script using some service supervisor (daemon tools, supervisord).<br />
<br />
Alternatively all configuration can be specified on the command line like this:<br />
/usr/sbin/quicktun -c PROTOCOL nacltai -c TUN_MODE 1 -c PRIVATE_KEY_FILE secret.key -c PUBLIC_KEY public-key-of-remote-end<br />
<br />
== QuickTun configuration options ==<br />
* INTERFACE - interface name (non-debian systems only)<br />
* TUN_MODE - set to 1 to operate in tun (IP), unset or 0 (recent versions only) for tap (Ethernet) mode<br />
* USE_PI - set to 1 to include packet information header in wire packets, must be set on both sides if used; set to 2 to automatically add the packet information header for cross-platform compatibility (also compatible with USE_PI=0), some (BSD) kernels need USE_PI to be enabled for IPv6 support<br />
* REMOTE_ADDRESS - IP address or hostname of the remote end (use 0.0.0.0 for a floating/dynamic remote endpoint)<br />
* LOCAL_ADDRESS - IP address or hostname of the local end, optional<br />
* LOCAL_PORT - local UDP port, optional, defaults to 2998<br />
* REMOTE_PORT - remote UDP port, optional, defaults to LOCAL_PORT<br />
* REMOTE_FLOAT - allows the remote address and port to change when properly encrypted packets are received<br />
* TUN_UP_SCRIPT - run specified command or script after the tunnel device has been opened<br />
* SETUID - drop privileges and change user and group IDs to specified username after setting up the tunnel<br />
* nacl0, nacltai and salty (encrypted) protocols only:<br />
** PRIVATE_KEY - local secret key in hexadecimal form (not needed for raw protocol)<br />
** PUBLIC_KEY - remote public key in hexadecimal form (not needed for raw protocol)<br />
** PRIVATE_KEY_FILE - file containing local secret key in binary or hexadecimal form (not needed for raw protocol)<br />
* nacltai (encrypted) protocol only:<br />
** TIME_WINDOW - allowed time window for first received packet in seconds (positive number allows packets from history)<br />
* Combined binary only (quicktun.debian and quicktun.combined executables, Debian based systems):<br />
** PROTOCOL - the protocol to use, one of "raw", "nacl0" and "nacltai"<br />
* Debian /etc/network/interfaces only:<br />
** NO_PRECREATE - set to 1 to run QuickTun as root and not use a persistent tunnel device, unset otherwise<br />
<br />
== QuickTun on Windows ==<br />
A pure C# implementation of QuickTun and the required cryptography code is included in the [[VNE|Virtual Network Environment]]. This code can run on both, Windows and Linux systems, and provide full VPN functionality, in addition to many other features. The [[VNE/DNRouter|DNRouter]] software uses this library to provide QuickTun support.<br />
<br />
A stand-alone tunnel application is also available on http://oss.ucis.nl/vne/quicktun/. Download all files, rename example.xml to quicktun.xml and edit it according to your needs. Then run UCIS.QuickTun.exe. Note that you will have to create/install a tun/tap device before running the software. You can do this either by installing OpenVPN or tinc, or by downloading all files from http://oss.ucis.nl/vne/tuntapwin/ and running addtap.bat.<br />
<br />
The configuration file has the following elements:<br />
*<tunnel> - the document root element<br />
*** <tuntap> - this element defines the tun/tap interface to connect to the host<br />
**** @ifname - this attribute specifies the interface name (it works for both Windows and Linux!)<br />
**** @type - either "tap" or "tun", on Windows only tap is supported<br />
**** @dhcpserver - (windows only, optional) enables automatic host IP configuration, this specifies the address of the virtual DHCP server<br />
**** @hostip - (windows only, optional) specifies the IP address to configure on the host (requires @dhcpserver to be set)<br />
**** @netmask - (windows only, optional) the network mask for host IP configuration (requires @dhcpserver and @hostip to be set)<br />
*** <quicktun> - defines the QuickTun VPN tunnel<br />
**** @local - (optional) specifies the local tunnel in IP:PORT format, eg 10.0.0.1:2997<br />
**** @remote - (optional) specifies the remote tunnel in IP:PORT format, eg 10.0.0.2:2997<br />
***** Note that at least one of local and remote must be specified!<br />
**** @protocol - specifies the QuickTun cryptographic protocol to use (currently supported are "raw", "nacl0", "nacltai" and "salty")<br />
**** <secretkey> - (nacl0, nacltai and salty protocols only) this element contains the secret key of the local end (eg <secretkey>THE_KEY_GOES_HERE_IN_HEXADECIMAL</secretkey>)<br />
**** <publickey> - (nacl0, nacltai and salty protocols only) this element contains the public key of the remote end<br />
<br />
Note that <xxx> indicates an XML element. @xxx indicates an attribute to the XML element. See also the example configuration file.<br />
<br />
== Protocol ==<br />
QuickTun supports four different protocols:<br />
{| class="wikitable"<br />
|-<br />
! scope="col"| Protocol name<br />
! scope="col"| Security<br />
! scope="col"| Overhead<br />
! scope="col"| Remarks<br />
! scope="col"| Details<br />
|-<br />
! scope="row"| raw<br />
| None<br />
| 0 bytes<br />
| Compatible with VirtualBox UDPTunnel<br />
| The IP or ethernet packet as it was read from the device is sent directly in an UDP packet<br />
|-<br />
! scope="row"| nacl0<br />
| Very weak<br />
| 16 bytes<br />
|<br />
| The IP or ethernet packet is encrypted using the curve25519xsalsa20poly1305_box function, with the nonce set to all zero, the first 16 all-zero bytes of the result are stripped off, the rest is sent in an UDP packet<br />
|-<br />
! scope="row"| nacltai<br />
| Secure<br />
| 32 bytes<br />
|<br />
| The IP or ethernet packet is encrypted using the curve25519xsalsa20poly1305_box function, with the nonce being <7bytes=0><1byte=local_pub_key>remote_pub_key?1:0><16bytes:tai64an_packed_timestamp>, the tai64an_packed_timestamp is copied to the beginning of the encrypted buffer (to the area that is normally all zero), the entire buffer is sent (crypto adds 32 bytes of overhead)<br />
|-<br />
! scope="row"| salty<br />
| Secure with PFS<br />
| 20 bytes + control packets<br />
| Requires at least one endpoint to have a fixed address<br />
| The IP or ethernet packet is encrypted using the curve25519xsalsa20poly1305_box function, with temporary keys and nonces which are periodically regenerated and exchanged; this protocol provides Perfect Forward Secrecy and does not depend on clock synchronization for replay protection; the current implementation does not work well if both endpoints are floating<br />
|}<br />
<br />
== QuickTun Linux kernel module ==<br />
Matthias is working on a Linux kernel module providing QuickTun functionality: http://git.universe-factory.net/modquicktun/<br />
<br />
== Links ==<br />
* Mercurial repository: http://oss.ucis.nl/hg/quicktun/<br />
* GitHub project: https://github.com/UCIS/QuickTun (git repository: https://github.com/UCIS/QuickTun.git)<br />
* BitBucket project: https://bitbucket.org/IvoSmits/quicktun<br />
* Debian/Ubuntu packages: http://apt.ucis.nl/packages/<br />
* Sourcecode archives: http://oss.ucis.nl/quicktun/src/ (latest: http://oss.ucis.nl/quicktun/src/quicktun.tgz)<br />
<br />
== Third party packages ==<br />
* ArchLinux: http://aur.archlinux.org/packages.php?ID=44278<br />
* FreeBSD (beta): http://hg.dereckson.be/freebsd-ports/src/tip/net/quicktun/<br />
* OpenWRT: https://dev.openwrt.org/browser/packages/net/quicktun<br />
<br />
== Thanks to... ==<br />
* somerandomnick, some anonymous person who introduced me to the NaCl cryptography library and encouraged me to extend [[Projects/Software/TunTapIO|TunTapIO]]<br />
* Daniel Dickinson <daniel@cshore.neomailbox.net>, who contributed [http://oss.ucis.nl/hg/quicktun/rev/51c6d2fc712f some fixes]<br />
* Everyone who uses QuickTun and has suggested improvements, reported bugs, supported me while fixing them, etc.<br />
<br />
== Support QuickTun ==<br />
You can support QuickTun by spreading the word, reporting bugs, suggesting fixes, porting it to other platforms, packaging it for other distributions, and more. If you would like to make a financial donation, you may send some money to my PayPal account Ivo@UFO-Net.nl, via bitcoin to [bitcoin:13LJt54w2VD9WZQgBG6hGdmny26wg4jqEH?message=QuickTun%20donation 13LJt54w2VD9WZQgBG6hGdmny26wg4jqEH] or ask me for my address (cash) or bank account (IBAN, send me an e-mail).</div>Adminhttp://wiki.ucis.nl/index.php?title=QuickTun&diff=172QuickTun2017-01-07T21:29:17Z<p>Admin: /* Protocol */</p>
<hr />
<div>QuickTun is probably the simplest VPN tunnel software ever, yet it's very secure. It relies on the [[NaCl]] encryption library by [http://cr.yp.to/ D. J. Bernstein].<br />
<br />
QuickTun uses the [http://nacl.cace-project.eu/box.html curve25519xsalsa20poly1305 crypto-box] functionality of the NaCl library for secure public-key encryption.<br />
<br />
And that's about all QuickTun does; encrypting and sending data. No fancy features which would only lead to bloating the binary. In fact, QuickTun itself has only a few hundred lines of pure C code, making it dead simple to maintain, analyze, debug and fix.<br />
<br />
== Installing QuickTun on Debian/Ubuntu Linux ==<br />
A precompiled package is available in the UCIS.nl apt repository:<br />
wget -q http://apt.ucis.nl/IvoSmits.asc -O- | apt-key add -<br />
echo "deb http://apt.ucis.nl/ current ucis" >> /etc/apt/sources.list<br />
apt-get update<br />
apt-get install quicktun<br />
<br />
If you prefer to compile QuickTun yourself, or if your platform is not covered in our repository, you can follow the steps below (Installing QuickTun on Linux), and either manually copy the files (from out/ and debian/static/etc/) to their destination, or install the generated debian package (dpkg -i out/quicktun*.deb).<br />
<br />
The tunnel can then be configured in the /etc/network/interfaces file:<br />
auto tun0<br />
iface tun0 inet static<br />
address 192.168.77.1<br />
pointopoint 192.168.77.2<br />
netmask 255.255.255.255<br />
qt_tun_mode 1<br />
qt_protocol nacltai<br />
qt_remote_address 1.2.3.4<br />
qt_local_address 9.8.7.6<br />
qt_private_key_file <LOCAL-SECRET-KEY-FILE><br />
qt_public_key <REMOTE-PUBLIC-KEY><br />
See below for supported configuration options. Please note that all options are written in lower case and are prefixed with qt_. The interface name is taken from the 'iface' entry.<br />
<br />
== Installing QuickTun on Linux or BSD ==<br />
Building QuickTun is very simple. Just run the following commands:<br />
wget http://oss.ucis.nl/quicktun/src/quicktun.tgz -O- | tar -xvz<br />
cd quicktun*<br />
./build.sh<br />
<br />
This command will first download and build the NaCl cryptography engine - this will take some time. When done, the out/ directory will contain a few binaries:<br />
* libquicktun.raw - dynamically loadable library which implements the 'raw' unencrypted quicktun protocol<br />
* quicktun.combined - the one you'll probably want to use, has all supported protocols and can be used 'stand alone'<br />
* quicktun.debian - a binary targeting Debian based systems, for optimal integration with Debian's network configuration files<br />
* quicktun.keypair - can be used to generate a public/secret key pair<br />
* quicktun.nacl0 - stand alone binary implementing the nacl0 protocol (NaCl encryption without nonce)<br />
* quicktun.nacltai - stand alone binary implementing the nacltai protocol (NaCl encryption with nonce)<br />
* quicktun.raw - stand alone binary implementing the 'raw' unencrypted protocol<br />
* quicktun-*.tgz - compressed tarball containing the sourcecode and build scripts, for distribution<br />
* quicktun-*.deb - a Debian binary package, only generated on Debian based systems<br />
<br />
You'll most likely want to use the out/quicktun.combined and out/quicktun.keypair executables. You may want to copy them to /usr/sbin.<br />
<br />
== Configuring QuickTun on Linux (non Debian/Ubuntu) ==<br />
QuickTun configuration is usually stored in a shell script like this:<br />
#!/bin/sh<br />
export TUN_MODE=1<br />
export PROTOCOL=nacltai<br />
export REMOTE_ADDRESS=ipaddress-of-remote-end<br />
export LOCAL_ADDRESS=ipaddress-of-local-end<br />
export PRIVATE_KEY=private-key-of-local-end<br />
export PUBLIC_KEY=public-key-of-remote-end<br />
/usr/sbin/quicktun<br />
<br />
Make sure that the script is not publicly readable because it contains the secret key: chmod 700 will do! To start the VPN tunnel, simply run the shellscript. You can also run the script using some service supervisor (daemon tools, supervisord).<br />
<br />
Alternatively all configuration can be specified on the command line like this:<br />
/usr/sbin/quicktun -c PROTOCOL nacltai -c TUN_MODE 1 -c PRIVATE_KEY_FILE secret.key -c PUBLIC_KEY public-key-of-remote-end<br />
<br />
== QuickTun configuration options ==<br />
* INTERFACE - interface name (non-debian systems only)<br />
* TUN_MODE - set to 1 to operate in tun (IP), unset or 0 (recent versions only) for tap (Ethernet) mode<br />
* USE_PI - set to 1 to include packet information header in wire packets, must be set on both sides if used; set to 2 to automatically add the packet information header for cross-platform compatibility (also compatible with USE_PI=0), some (BSD) kernels need USE_PI to be enabled for IPv6 support<br />
* REMOTE_ADDRESS - IP address or hostname of the remote end (use 0.0.0.0 for a floating/dynamic remote endpoint)<br />
* LOCAL_ADDRESS - IP address or hostname of the local end, optional<br />
* LOCAL_PORT - local UDP port, optional, defaults to 2998<br />
* REMOTE_PORT - remote UDP port, optional, defaults to LOCAL_PORT<br />
* REMOTE_FLOAT - allows the remote address and port to change when properly encrypted packets are received<br />
* TUN_UP_SCRIPT - run specified command or script after the tunnel device has been opened<br />
* SETUID - drop privileges and change user and group IDs to specified username after setting up the tunnel<br />
* nacl0, nacltai and salty (encrypted) protocols only:<br />
** PRIVATE_KEY - local secret key in hexadecimal form (not needed for raw protocol)<br />
** PUBLIC_KEY - remote public key in hexadecimal form (not needed for raw protocol)<br />
** PRIVATE_KEY_FILE - file containing local secret key in binary or hexadecimal form (not needed for raw protocol)<br />
* nacltai (encrypted) protocol only:<br />
** TIME_WINDOW - allowed time window for first received packet in seconds (positive number allows packets from history)<br />
* Combined binary only (quicktun.debian and quicktun.combined executables, Debian based systems):<br />
** PROTOCOL - the protocol to use, one of "raw", "nacl0" and "nacltai"<br />
* Debian /etc/network/interfaces only:<br />
** NO_PRECREATE - set to 1 to run QuickTun as root and not use a persistent tunnel device, unset otherwise<br />
<br />
== QuickTun on Windows ==<br />
A pure C# implementation of QuickTun and the required cryptography code is included in the [[VNE|Virtual Network Environment]]. This code can run on both, Windows and Linux systems, and provide full VPN functionality, in addition to many other features. The [[VNE/DNRouter|DNRouter]] software uses this library to provide QuickTun support.<br />
<br />
A stand-alone tunnel application is also available on http://oss.ucis.nl/vne/quicktun/. Download all files, rename example.xml to quicktun.xml and edit it according to your needs. Then run UCIS.QuickTun.exe. Note that you will have to create/install a tun/tap device before running the software. You can do this either by installing OpenVPN or tinc, or by downloading all files from http://oss.ucis.nl/vne/tuntapwin/ and running addtap.bat.<br />
<br />
The configuration file has the following elements:<br />
*<tunnel> - the document root element<br />
*** <tuntap> - this element defines the tun/tap interface to connect to the host<br />
**** @ifname - this attribute specifies the interface name (it works for both Windows and Linux!)<br />
**** @type - either "tap" or "tun", on Windows only tap is supported<br />
**** @dhcpserver - (windows only, optional) enables automatic host IP configuration, this specifies the address of the virtual DHCP server<br />
**** @hostip - (windows only, optional) specifies the IP address to configure on the host (requires @dhcpserver to be set)<br />
**** @netmask - (windows only, optional) the network mask for host IP configuration (requires @dhcpserver and @hostip to be set)<br />
*** <quicktun> - defines the QuickTun VPN tunnel<br />
**** @local - (optional) specifies the local tunnel in IP:PORT format, eg 10.0.0.1:2997<br />
**** @remote - (optional) specifies the remote tunnel in IP:PORT format, eg 10.0.0.2:2997<br />
***** Note that at least one of local and remote must be specified!<br />
**** @protocol - specifies the QuickTun cryptographic protocol to use (currently supported are "raw", "nacl0", "nacltai" and "salty")<br />
**** <secretkey> - (nacl0, nacltai and salty protocols only) this element contains the secret key of the local end (eg <secretkey>THE_KEY_GOES_HERE_IN_HEXADECIMAL</secretkey>)<br />
**** <publickey> - (nacl0, nacltai and salty protocols only) this element contains the public key of the remote end<br />
<br />
Note that <xxx> indicates an XML element. @xxx indicates an attribute to the XML element. See also the example configuration file.<br />
<br />
== Protocol ==<br />
QuickTun supports four different protocols:<br />
{| class="wikitable"<br />
|-<br />
! scope="col"| Protocol name<br />
! scope="col"| Security<br />
! scope="col"| Overhead<br />
! scope="col"| Remarks<br />
! scope="col"| Details<br />
|-<br />
! scope="row"| raw<br />
| None<br />
| 0 bytes<br />
| Compatible with VirtualBox UDPTunnel<br />
| The IP or ethernet packet as it was read from the device is sent directly in an UDP packet<br />
|-<br />
! scope="row"| nacl0<br />
| Very weak<br />
| 16 bytes<br />
|<br />
| The IP or ethernet packet is encrypted using the curve25519xsalsa20poly1305_box function, with the nonce set to all zero, the first 16 all-zero bytes of the result are stripped off, the rest is sent in an UDP packet<br />
|-<br />
! scope="row"| nacltai<br />
| Secure<br />
| 32 bytes<br />
|<br />
| The IP or ethernet packet is encrypted using the curve25519xsalsa20poly1305_box function, with the nonce being <7bytes=0><1byte=local_pub_key>remote_pub_key?1:0><16bytes:tai64an_packed_timestamp>, the tai64an_packed_timestamp is copied to the beginning of the encrypted buffer (to the area that is normally all zero), the entire buffer is sent (crypto adds 32 bytes of overhead)<br />
|-<br />
! scope="row"| salty<br />
| Secure with PFS<br />
| 20 bytes + control packets<br />
| Requires at least one endpoint to have a fixed address<br />
| The IP or ethernet packet is encrypted using the curve25519xsalsa20poly1305_box function, with temporary keys and nonces which are periodically regenerated and exchanged; this protocol provides Perfect Forward Secrecy and does not depend on clock synchronization for replay protection; the current implementation does not work well if both endpoints are floating<br />
|}<br />
<br />
== QuickTun Linux kernel module ==<br />
Matthias is working on a Linux kernel module providing QuickTun functionality: http://git.universe-factory.net/modquicktun/<br />
<br />
== Links ==<br />
* Mercurial repository: http://oss.ucis.nl/hg/quicktun/<br />
* GitHub project: https://github.com/UCIS/QuickTun (git repository: https://github.com/UCIS/QuickTun.git)<br />
* BitBucket project: https://bitbucket.org/IvoSmits/quicktun<br />
* Debian/Ubuntu packages: http://apt.ucis.nl/packages/<br />
* Sourcecode archives: http://oss.ucis.nl/quicktun/src/ (latest: http://oss.ucis.nl/quicktun/src/quicktun.tgz)<br />
<br />
== Third party packages ==<br />
* ArchLinux: http://aur.archlinux.org/packages.php?ID=44278<br />
* FreeBSD (beta): http://hg.dereckson.be/freebsd-ports/src/tip/net/quicktun/<br />
* OpenWRT: https://dev.openwrt.org/browser/packages/net/quicktun<br />
<br />
== Thanks to... ==<br />
* somerandomnick, some anonymous person who introduced me to the NaCl cryptography library and encouraged me to extend [[Projects/Software/TunTapIO|TunTapIO]]<br />
* Daniel Dickinson <daniel@cshore.neomailbox.net>, who contributed [http://oss.ucis.nl/hg/quicktun/rev/51c6d2fc712f some fixes]<br />
* Everyone who uses QuickTun and has suggested improvements, reported bugs, supported me while fixing them, etc.<br />
<br />
== Support QuickTun ==<br />
You can support QuickTun by spreading the word, reporting bugs, suggesting fixes, porting it to other platforms, packaging it for other distributions, and more. If you would like to make a financial donation, you may send some money to my PayPal account Ivo@UFO-Net.nl, via bitcoin to 14ZXbe1wFrXDHXbkhnu23ohqn8U6p2wXfu or ask me for my address (cash) or bank account (IBAN, send me an e-mail).</div>Adminhttp://wiki.ucis.nl/index.php?title=Anonet&diff=17Anonet2014-11-21T20:22:59Z<p>Admin: /* Anonet internal services */</p>
<hr />
<div>=== About Anonet ===<br />
Anonet is a decentralized IP based darknet. It's implemented as a bunch of (mostly peer to peer) VPN tunnels over the internet, and (usually Linux based) BGP speaking IP (mostly IPv4) routers.<br />
<br />
Anonet has claimed the IPv4 subnetwork 1.0.0.0/8 to provide every participant with sufficient IPv4 addresses to address the entire network with 'publicly' routable IP addresses. There's usually no need for NAT on Anonet, and people tend to use it to connect to their own computers from locations that would otherwise not allow them to do so (think breaking through firewalls).<br />
<br />
Anonet's ultimate goal is to replace the internet as we know it, to provide everybody with a free (freedom of speech) and censorship resistant network, without one ever growing centralized government. Whether this will ever happen is unsure, but resistance against control and censorship by our governments is definitely growing.<br />
<br />
If you're not in for the freedom, not all hope is lost yet. Anonet is a great place to learn about- and experiment with all kinds of computer networking concepts and technologies. As a participant, you will learn a lot about Virtual Private Networks, BGP, IP routing, Linux, programming and computer networking in general. You can freely deploy your own experimental services, protocols and applications. We're currently using it as a testbed for both [[QuickTun]] and [[VNE]].<br />
<br />
=== Getting started ===<br />
The best way to get started on anonet is probably to join our IRC chat. You can do so from the internet by visiting irc://irc.kwaaknet.org/anonet or http://webchat.kwaaknet.org/?c=anonet. (WARNING! These servers will expose your IP address!) Alternatively, you can hop on straight onto the Client Port, which is simply a public VPN server. Detailed instructions for connecting are listed at http://ix.ucis.nl/clientport.php. Once connected, you can join our chat on irc://1.3.3.7/anonet. More information about Anonet and client ports is available at http://www.anonet.org/.<br />
<br />
=== AnoNet on Windows ===<br />
If you want to participate in AnoNet using a Windows system, you have a few options. You can run Linux using virtualization software like VirtualBox or CoLinux. Or you can use the [[VNE/DNRouter]] software, which has everything you need in a single binary.<br />
<br />
=== Anonet public services ===<br />
*http://ix.ucis.nl/<br />
*http://x5yd2gfthlfgdqjg.onion/ - Web proxy into Anonet<br />
<br />
=== Anonet internal services ===<br />
*http://www.ucis.ano/ - personal homepage including anonet looking glass, BGP graph, resource database<br />
*http://wiki.ucis.ano/ - this wiki<br />
*http://marc.ucis.ano/ - Web interface to the resource database<br />
*http://ix.ucis.ano/ - informative / router looking glass<br />
*http://wikileaks.ucis.ano/ - partial and outdated WikiLeaks mirror<br />
*irc://irc.kwaaknet.ano/anonet - Kwaaknet.org IRC network<br />
*[http://delta.ucis.ano:9091/?channels=anonet http://delta.ucis.ano:9091/] - Kwaaknet.org webchat<br />
*1.3.3.64 - Public DNS recursor (.ano, .dn42, ICANN TLDs)<br />
*1.3.3.67 - .ano TLD server<br />
<br />
=== Anonet internal services by others ===<br />
*http://www.sfor.ano/ - Personal homepage including Pastebin, wiki, webchat, forum, git hosting, e-mail hosting and more<br />
<br />
=== Anonet related articles ===<br />
*[[IRCRelay]] - IRC relay software to forward messages among channels on different IRC networks<br />
*[[VANet]]<br />
*[[QuickTun]] - Simple and secure VPN software<br />
*[[VNE]] - User-space networking environment including TCP/IP stack in C#<br />
*[[Peer2Cloud]]<br />
*[[UDPMSG3]] - Decentralized, "fail-safe" broadcast protocol<br />
*[[MARC]] - Magic Anonet Resource Claims system<br />
*[[Anonet/BIRD|BIRD router example configuration]]<br />
*[[Anonet/Internetaccess|Accessing the internet from Anonet]]</div>Adminhttp://wiki.ucis.nl/index.php?title=Anonet&diff=16Anonet2014-11-21T16:34:49Z<p>Admin: /* Anonet internal services by others */</p>
<hr />
<div>=== About Anonet ===<br />
Anonet is a decentralized IP based darknet. It's implemented as a bunch of (mostly peer to peer) VPN tunnels over the internet, and (usually Linux based) BGP speaking IP (mostly IPv4) routers.<br />
<br />
Anonet has claimed the IPv4 subnetwork 1.0.0.0/8 to provide every participant with sufficient IPv4 addresses to address the entire network with 'publicly' routable IP addresses. There's usually no need for NAT on Anonet, and people tend to use it to connect to their own computers from locations that would otherwise not allow them to do so (think breaking through firewalls).<br />
<br />
Anonet's ultimate goal is to replace the internet as we know it, to provide everybody with a free (freedom of speech) and censorship resistant network, without one ever growing centralized government. Whether this will ever happen is unsure, but resistance against control and censorship by our governments is definitely growing.<br />
<br />
If you're not in for the freedom, not all hope is lost yet. Anonet is a great place to learn about- and experiment with all kinds of computer networking concepts and technologies. As a participant, you will learn a lot about Virtual Private Networks, BGP, IP routing, Linux, programming and computer networking in general. You can freely deploy your own experimental services, protocols and applications. We're currently using it as a testbed for both [[QuickTun]] and [[VNE]].<br />
<br />
=== Getting started ===<br />
The best way to get started on anonet is probably to join our IRC chat. You can do so from the internet by visiting irc://irc.kwaaknet.org/anonet or http://webchat.kwaaknet.org/?c=anonet. (WARNING! These servers will expose your IP address!) Alternatively, you can hop on straight onto the Client Port, which is simply a public VPN server. Detailed instructions for connecting are listed at http://ix.ucis.nl/clientport.php. Once connected, you can join our chat on irc://1.3.3.7/anonet. More information about Anonet and client ports is available at http://www.anonet.org/.<br />
<br />
=== AnoNet on Windows ===<br />
If you want to participate in AnoNet using a Windows system, you have a few options. You can run Linux using virtualization software like VirtualBox or CoLinux. Or you can use the [[VNE/DNRouter]] software, which has everything you need in a single binary.<br />
<br />
=== Anonet public services ===<br />
*http://ix.ucis.nl/<br />
*http://x5yd2gfthlfgdqjg.onion/ - Web proxy into Anonet<br />
<br />
=== Anonet internal services ===<br />
*http://www.ucis.ano/ - personal homepage including anonet looking glass, BGP graph, resource database<br />
*http://wiki.ucis.ano/ - this wiki<br />
*http://marc.ucis.ano/ - Web interface to the resource database<br />
*http://ix.ucis.ano/ - informative / router looking glass<br />
*http://wikileaks.ucis.ano/ - partial and outdated WikiLeaks mirror<br />
*irc://irc.kwaaknet.ano/anonet - Kwaaknet.org IRC network<br />
*1.3.3.64 - Public DNS recursor (.ano, .dn42, ICANN TLDs)<br />
*1.3.3.67 - .ano TLD server<br />
<br />
=== Anonet internal services by others ===<br />
*http://www.sfor.ano/ - Personal homepage including Pastebin, wiki, webchat, forum, git hosting, e-mail hosting and more<br />
<br />
=== Anonet related articles ===<br />
*[[IRCRelay]] - IRC relay software to forward messages among channels on different IRC networks<br />
*[[VANet]]<br />
*[[QuickTun]] - Simple and secure VPN software<br />
*[[VNE]] - User-space networking environment including TCP/IP stack in C#<br />
*[[Peer2Cloud]]<br />
*[[UDPMSG3]] - Decentralized, "fail-safe" broadcast protocol<br />
*[[MARC]] - Magic Anonet Resource Claims system<br />
*[[Anonet/BIRD|BIRD router example configuration]]<br />
*[[Anonet/Internetaccess|Accessing the internet from Anonet]]</div>Admin