tinc/src/Makefile.am

## Produce this file with automake to get Makefile.in

sbin_PROGRAMS = tincd tincctl sptps_test

EXTRA_DIST = linux bsd solaris cygwin mingw openssl gcrypt

tincd_SOURCES = \
	utils.c getopt.c getopt1.c list.c splay_tree.c dropin.c fake-getaddrinfo.c fake-getnameinfo.c hash.c \
	buffer.c conf.c connection.c control.c edge.c graph.c logger.c meta.c net.c net_packet.c net_setup.c \
	net_socket.c netutl.c node.c process.c protocol.c protocol_auth.c protocol_edge.c protocol_misc.c \
	protocol_key.c protocol_subnet.c route.c sptps.c subnet.c subnet_parse.c tincd.c \
	dummy_device.c raw_socket_device.c multicast_device.c
	
if UML
tincd_SOURCES += uml_device.c
endif

if VDE
tincd_SOURCES += vde_device.c
endif

nodist_tincd_SOURCES = \
	device.c cipher.c crypto.c ecdh.c ecdsa.c digest.c prf.c rsa.c

tincctl_SOURCES = \
	utils.c getopt.c getopt1.c dropin.c \
	info.c list.c subnet_parse.c tincctl.c top.c

nodist_tincctl_SOURCES = \
	ecdsagen.c rsagen.c

sptps_test_SOURCES = \
	logger.c cipher.c crypto.c ecdh.c ecdsa.c digest.c prf.c \
	sptps.c sptps_test.c utils.c

if TUNEMU
tincd_SOURCES += bsd/tunemu.c
endif

tincctl_LDADD = $(CURSES_LIBS) $(READLINE_LIBS)

DEFAULT_INCLUDES =

INCLUDES = @INCLUDES@ -I$(top_builddir)

noinst_HEADERS = \
	xalloc.h utils.h getopt.h list.h splay_tree.h dropin.h fake-getaddrinfo.h fake-getnameinfo.h fake-gai-errnos.h ipv6.h ipv4.h ethernet.h \
	buffer.h conf.h connection.h control.h control_common.h device.h edge.h graph.h info.h logger.h meta.h net.h netutl.h node.h process.h \
	protocol.h route.h subnet.h sptps.h tincctl.h top.h bsd/tunemu.h hash.h

nodist_noinst_HEADERS = \
	cipher.h crypto.h ecdh.h ecdsa.h digest.h prf.h rsa.h ecdsagen.h rsagen.h

LIBS = @LIBS@ @LIBGCRYPT_LIBS@

if TUNEMU
LIBS += -lpcap
endif

AM_CFLAGS = -DCONFDIR=\"$(sysconfdir)\" -DLOCALSTATEDIR=\"$(localstatedir)\" -DSBINDIR=\"$(sbindir)\"

dist-hook:
	rm -f `find . -type l`
Initial revision 2000-03-26 00:33:07 +00:00			`## Produce this file with automake to get Makefile.in`

Start of "Simple Peer-To-Peer Security" protocol. Encryption and authentication of the meta connection is spread out over meta.c and protocol_auth.c. The new protocol was added there as well, leading to spaghetti code. To improve things, the new protocol will now be implemented in sptps.[ch]. The goal is to have a very simplified version of TLS. There is a record layer, and there are only two record types: application data and handshake messages. The handshake message contains a random nonce, an ephemeral ECDH public key, and an ECDSA signature over the former. After the ECDH public keys are exchanged, a shared secret is calculated, and a TLS style PRF is used to generate the key material for the cipher and HMAC algorithm, and further communication is encrypted and authenticated. A lot of the simplicity comes from the fact that both sides must have each other's public keys in advance, and there are no options to choose. There will be one fixed cipher suite, and both peers always authenticate each other. (Inspiration taken from Ian Grigg's hypotheses[0].) There might be some compromise in the future, to enable or disable encryption, authentication and compression, but there will be no choice of algorithms. This will allow SPTPS to be built with a few embedded crypto algorithms instead of linking with huge crypto libraries. The API is also kept simple. There is a start and a stop function. All data necessary to make the connection work is passed in the start function. Instead having both send- and receive-record functions, there is a send-record function and a receive-data function. The latter will pass protocol data received from the peer to the SPTPS implementation, which will in turn call a receive-record callback function when necessary. This hides all the handshaking from the application, and is completely independent from any event loop or socket characteristics. [0] http://iang.org/ssl/hn_hypotheses_in_secure_protocol_design.html 2011-07-24 13:44:51 +00:00			`sbin_PROGRAMS = tincd tincctl sptps_test`
Initial revision 2000-03-26 00:33:07 +00:00
Merge branch 'master' of git://tinc-vpn.org/tinc into 1.1 Conflicts: NEWS README configure.in doc/tincd.8.in src/Makefile.am src/bsd/device.c src/connection.c src/connection.h src/cygwin/device.c src/device.h src/dropin.h src/linux/device.c src/mingw/device.c src/net.c src/net_packet.c src/net_setup.c src/net_socket.c src/process.c src/protocol.c src/protocol_key.c src/raw_socket_device.c src/route.c src/solaris/device.c src/tincd.c src/uml_device.c 2012-02-22 13:23:59 +00:00			`EXTRA_DIST = linux bsd solaris cygwin mingw openssl gcrypt`
Merging of the entire pre5 branch. 2002-02-10 21:57:54 +00:00
Move source from lib/ to src/. The utility functions in the lib/ directory do not really form a library. Also, now that we build two binaries, tincctl does not need everything that was in libvpn.a, so it is wasteful to link to it. 2009-12-31 12:19:13 +00:00			`tincd_SOURCES = \`
Add a simple hash table implementation. 2012-09-05 10:44:41 +00:00			`utils.c getopt.c getopt1.c list.c splay_tree.c dropin.c fake-getaddrinfo.c fake-getnameinfo.c hash.c \`
Ensure the right files end up in the tarball after make dist. 2011-06-25 15:08:40 +00:00			`buffer.c conf.c connection.c control.c edge.c graph.c logger.c meta.c net.c net_packet.c net_setup.c \`
Move source from lib/ to src/. The utility functions in the lib/ directory do not really form a library. Also, now that we build two binaries, tincctl does not need everything that was in libvpn.a, so it is wasteful to link to it. 2009-12-31 12:19:13 +00:00			`net_socket.c netutl.c node.c process.c protocol.c protocol_auth.c protocol_edge.c protocol_misc.c \`
Move all functions related to subnet parsing to subnet_parse.c. 2012-07-15 22:52:50 +00:00			`protocol_key.c protocol_subnet.c route.c sptps.c subnet.c subnet_parse.c tincd.c \`
Add support for multicast communication with UML/QEMU/KVM. DeviceType = multicast allows one to specify a multicast address and port with a Device statement. Tinc will then read/send packets to that multicast group instead of to a tun/tap device. This allows interaction with UML, QEMU and KVM instances that are listening on the same group. 2012-03-21 16:00:53 +00:00			`dummy_device.c raw_socket_device.c multicast_device.c`
Allow linking with multiple device drivers. Apart from the platform specific tun/tap driver, link with the dummy and raw_socket devices, and optionally with support for UML and VDE devices. At runtime, the DeviceType option can be used to select which driver to use. 2011-12-04 00:20:59 +00:00
			`if UML`
			`tincd_SOURCES += uml_device.c`
			`endif`

			`if VDE`
			`tincd_SOURCES += vde_device.c`
			`endif`
Ensure the right files end up in the tarball after make dist. 2011-06-25 15:08:40 +00:00
			`nodist_tincd_SOURCES = \`
Add ECDSA key import. 2011-07-03 21:44:43 +00:00			`device.c cipher.c crypto.c ecdh.c ecdsa.c digest.c prf.c rsa.c`
Initial revision 2000-03-26 00:33:07 +00:00
Move source from lib/ to src/. The utility functions in the lib/ directory do not really form a library. Also, now that we build two binaries, tincctl does not need everything that was in libvpn.a, so it is wasteful to link to it. 2009-12-31 12:19:13 +00:00			`tincctl_SOURCES = \`
Drop the GNU malloc.c, realloc.c, and xmalloc.c. We live in the 21st century, and we require C99 semantics, so we do not need to work around buggy libcs. The xmalloc() and related functions are now static inline functions. 2011-06-02 15:45:06 +00:00			`utils.c getopt.c getopt1.c dropin.c \`
"tincctl info" gives more human readable information about nodes or subnets. 2012-07-15 23:05:25 +00:00			`info.c list.c subnet_parse.c tincctl.c top.c`
Ensure the right files end up in the tarball after make dist. 2011-06-25 15:08:40 +00:00
			`nodist_tincctl_SOURCES = \`
Have tincctl generate ECDSA keys. The generate-keys command now generates both an RSA and an ECDSA keypair, but one can generate-rsa-keys or generate-ecdsa-keys to just generate one type. 2011-07-03 20:25:29 +00:00			`ecdsagen.c rsagen.c`
Start of control socket implementation. 2007-05-18 16:52:34 +00:00
Start of "Simple Peer-To-Peer Security" protocol. Encryption and authentication of the meta connection is spread out over meta.c and protocol_auth.c. The new protocol was added there as well, leading to spaghetti code. To improve things, the new protocol will now be implemented in sptps.[ch]. The goal is to have a very simplified version of TLS. There is a record layer, and there are only two record types: application data and handshake messages. The handshake message contains a random nonce, an ephemeral ECDH public key, and an ECDSA signature over the former. After the ECDH public keys are exchanged, a shared secret is calculated, and a TLS style PRF is used to generate the key material for the cipher and HMAC algorithm, and further communication is encrypted and authenticated. A lot of the simplicity comes from the fact that both sides must have each other's public keys in advance, and there are no options to choose. There will be one fixed cipher suite, and both peers always authenticate each other. (Inspiration taken from Ian Grigg's hypotheses[0].) There might be some compromise in the future, to enable or disable encryption, authentication and compression, but there will be no choice of algorithms. This will allow SPTPS to be built with a few embedded crypto algorithms instead of linking with huge crypto libraries. The API is also kept simple. There is a start and a stop function. All data necessary to make the connection work is passed in the start function. Instead having both send- and receive-record functions, there is a send-record function and a receive-data function. The latter will pass protocol data received from the peer to the SPTPS implementation, which will in turn call a receive-record callback function when necessary. This hides all the handshaking from the application, and is completely independent from any event loop or socket characteristics. [0] http://iang.org/ssl/hn_hypotheses_in_secure_protocol_design.html 2011-07-24 13:44:51 +00:00			`sptps_test_SOURCES = \`
			`logger.c cipher.c crypto.c ecdh.c ecdsa.c digest.c prf.c \`
Use SPTPS when ExperimentalProtocol is enabled. 2012-02-25 17:25:21 +00:00			`sptps.c sptps_test.c utils.c`
Start of "Simple Peer-To-Peer Security" protocol. Encryption and authentication of the meta connection is spread out over meta.c and protocol_auth.c. The new protocol was added there as well, leading to spaghetti code. To improve things, the new protocol will now be implemented in sptps.[ch]. The goal is to have a very simplified version of TLS. There is a record layer, and there are only two record types: application data and handshake messages. The handshake message contains a random nonce, an ephemeral ECDH public key, and an ECDSA signature over the former. After the ECDH public keys are exchanged, a shared secret is calculated, and a TLS style PRF is used to generate the key material for the cipher and HMAC algorithm, and further communication is encrypted and authenticated. A lot of the simplicity comes from the fact that both sides must have each other's public keys in advance, and there are no options to choose. There will be one fixed cipher suite, and both peers always authenticate each other. (Inspiration taken from Ian Grigg's hypotheses[0].) There might be some compromise in the future, to enable or disable encryption, authentication and compression, but there will be no choice of algorithms. This will allow SPTPS to be built with a few embedded crypto algorithms instead of linking with huge crypto libraries. The API is also kept simple. There is a start and a stop function. All data necessary to make the connection work is passed in the start function. Instead having both send- and receive-record functions, there is a send-record function and a receive-data function. The latter will pass protocol data received from the peer to the SPTPS implementation, which will in turn call a receive-record callback function when necessary. This hides all the handshaking from the application, and is completely independent from any event loop or socket characteristics. [0] http://iang.org/ssl/hn_hypotheses_in_secure_protocol_design.html 2011-07-24 13:44:51 +00:00
Add support for iPhones and recent iPods. This is a slightly modified patch from Grzegorz Dymarek that allows tinc to use the tunemu device, which allows tinc to be compiled for iPhones and recent iPods. To enable support for tunemu, the --enable-tunemu option has to be used when running the configure script. 2009-09-10 17:32:54 +00:00			`if TUNEMU`
			`tincd_SOURCES += bsd/tunemu.c`
			`endif`

Have tincctl act as a shell when no command is given. By default it uses readline to read commands. If the input and output are not a tty, no prompt is shown. 2012-08-02 15:24:42 +00:00			`tincctl_LDADD = $(CURSES_LIBS) $(READLINE_LIBS)`
Add a very primitive "top" command to tincctl. 2011-05-15 11:16:48 +00:00
Prevent system headers from including our own headers. 2003-08-02 15:13:08 +00:00			`DEFAULT_INCLUDES =`

Move source from lib/ to src/. The utility functions in the lib/ directory do not really form a library. Also, now that we build two binaries, tincctl does not need everything that was in libvpn.a, so it is wasteful to link to it. 2009-12-31 12:19:13 +00:00			`INCLUDES = @INCLUDES@ -I$(top_builddir)`
Initial revision 2000-03-26 00:33:07 +00:00
Move source from lib/ to src/. The utility functions in the lib/ directory do not really form a library. Also, now that we build two binaries, tincctl does not need everything that was in libvpn.a, so it is wasteful to link to it. 2009-12-31 12:19:13 +00:00			`noinst_HEADERS = \`
			`xalloc.h utils.h getopt.h list.h splay_tree.h dropin.h fake-getaddrinfo.h fake-getnameinfo.h fake-gai-errnos.h ipv6.h ipv4.h ethernet.h \`
Make sure sptps.h and info.h are in the tarball. 2012-07-21 11:02:35 +00:00			`buffer.h conf.h connection.h control.h control_common.h device.h edge.h graph.h info.h logger.h meta.h net.h netutl.h node.h process.h \`
Add a simple hash table implementation. 2012-09-05 10:44:41 +00:00			`protocol.h route.h subnet.h sptps.h tincctl.h top.h bsd/tunemu.h hash.h`
Ensure symlinked files do not end up in the tarball. 2011-07-17 08:59:54 +00:00
			`nodist_noinst_HEADERS = \`
			`cipher.h crypto.h ecdh.h ecdsa.h digest.h prf.h rsa.h ecdsagen.h rsagen.h`
Initial revision 2000-03-26 00:33:07 +00:00
Merge branch 'master' into 1.1 Conflicts: NEWS configure.in lib/Makefile.am lib/pidfile.c lib/pidfile.h lib/utils.c po/POTFILES.in po/nl.po src/Makefile.am src/bsd/device.c src/conf.c src/connection.c src/cygwin/device.c src/edge.c src/event.c src/graph.c src/linux/device.c src/meta.c src/mingw/device.c src/net.c src/net_packet.c src/net_setup.c src/net_socket.c src/netutl.c src/node.c src/process.c src/protocol.c src/protocol_auth.c src/protocol_edge.c src/protocol_key.c src/protocol_misc.c src/protocol_subnet.c src/raw_socket/device.c src/route.c src/solaris/device.c src/subnet.c src/tincd.c src/uml_socket/device.c 2009-09-29 12:55:29 +00:00			`LIBS = @LIBS@ @LIBGCRYPT_LIBS@`
Initial revision 2000-03-26 00:33:07 +00:00
Add support for iPhones and recent iPods. This is a slightly modified patch from Grzegorz Dymarek that allows tinc to use the tunemu device, which allows tinc to be compiled for iPhones and recent iPods. To enable support for tunemu, the --enable-tunemu option has to be used when running the configure script. 2009-09-10 17:32:54 +00:00			`if TUNEMU`
			`LIBS += -lpcap`
			`endif`

Merge branch 'master' of git://tinc-vpn.org/tinc into 1.1 Conflicts: NEWS README configure.in src/Makefile.am 2011-06-24 19:40:55 +00:00			`AM_CFLAGS = -DCONFDIR=\"$(sysconfdir)\" -DLOCALSTATEDIR=\"$(localstatedir)\" -DSBINDIR=\"$(sbindir)\"`
Added lint target, requires lclint. 2000-12-22 17:15:26 +00:00
Remove symlink to device.c when doing a make dist. 2002-03-27 15:47:06 +00:00			`dist-hook:`
			rm -f `find . -type l`