From e4f3d93ec62871d1ae11b460627aef0da1b23cd2 Mon Sep 17 00:00:00 2001 From: Guus Sliepen Date: Mon, 7 May 2001 19:08:46 +0000 Subject: [PATCH] - s/ip_t/ipv4_t/g - Add "salt" to the beginning of UDP packets. Replaces length field which is not useful anyway. --- ABOUT-NLS | 276 ++++++++++++++++++++++++++++++------------------- src/net.c | 26 +++-- src/net.h | 10 +- src/netutl.c | 4 +- src/protocol.c | 4 +- 5 files changed, 192 insertions(+), 128 deletions(-) diff --git a/ABOUT-NLS b/ABOUT-NLS index 28d38c7..d562134 100644 --- a/ABOUT-NLS +++ b/ABOUT-NLS @@ -8,7 +8,7 @@ A few packages already provide translations for their messages. If you found this `ABOUT-NLS' file inside a distribution, you may assume that the distributed package does use GNU `gettext' internally, -itself available at your nearest GNU archive site. But you do *not* +itself available at your nearest GNU archive site. But you do _not_ need to install GNU `gettext' prior to configuring, installing or using this package with messages translated. @@ -22,8 +22,8 @@ related to internationalization, you should tell about the version of `gettext' which is used. The information can be found in the `intl/VERSION' file, in internationalized packages. -One advise in advance -===================== +Quick configuration advice +========================== If you want to exploit the full power of internationalization, you should configure it using @@ -34,13 +34,14 @@ to force usage of internationalizing routines provided within this package, despite the existence of internationalizing capabilities in the operating system where this package is being installed. So far, only the `gettext' implementation in the GNU C library version 2 provides as -many features (such as locale alias or message inheritance) as the -implementation here. It is also not possible to offer this additional -functionality on top of a `catgets' implementation. Future versions of -GNU `gettext' will very likely convey even more functionality. So it -might be a good idea to change to GNU `gettext' as soon as possible. - - So you need not provide this option if you are using GNU libc 2 or +many features (such as locale alias, message inheritance, automatic +charset conversion or plural form handling) as the implementation here. +It is also not possible to offer this additional functionality on top +of a `catgets' implementation. Future versions of GNU `gettext' will +very likely convey even more functionality. So it might be a good idea +to change to GNU `gettext' as soon as possible. + + So you need _not_ provide this option if you are using GNU libc 2 or you have installed a recent copy of the GNU gettext package with the included `libintl'. @@ -53,23 +54,20 @@ Most such packages use GNU `gettext'. Other packages have their own ways to internationalization, predating GNU `gettext'. By default, this package will be installed to allow translation of -messages. It will automatically detect whether the system provides -usable `catgets' (if using this is selected by the installer) or -`gettext' functions. If neither is available, the GNU `gettext' own +messages. It will automatically detect whether the system already +provides the GNU `gettext' functions. If not, the GNU `gettext' own library will be used. This library is wholly contained within this package, usually in the `intl/' subdirectory, so prior installation of -the GNU `gettext' package is *not* required. Installers may use +the GNU `gettext' package is _not_ required. Installers may use special options at configuration time for changing the default behaviour. The commands: ./configure --with-included-gettext - ./configure --with-catgets ./configure --disable-nls -will respectively bypass any pre-existing `catgets' or `gettext' to use -the internationalizing routines provided within this package, enable -the use of the `catgets' functions (if found on the locale system), or -else, *totally* disable translation of messages. +will respectively bypass any pre-existing `gettext' to use the +internationalizing routines provided within this package, or else, +_totally_ disable translation of messages. When you already have GNU `gettext' installed on your system and run configure without an option for your new package, `configure' will @@ -83,18 +81,10 @@ package is more recent, you should use to prevent auto-detection. - By default the configuration process will not test for the `catgets' -function and therefore they will not be used. The reasons are already -given above: the emulation on top of `catgets' cannot provide all the -extensions provided by the GNU `gettext' library. If you nevertheless -want to use the `catgets' functions use - - ./configure --with-catgets - -to enable the test for `catgets' (this causes no harm if `catgets' is -not available on your system). If you really select this option we -would like to hear about the reasons because we cannot think of any -good one ourself. + The configuration process will not test for the `catgets' function +and therefore it will not be used. The reason is that even an +emulation of `gettext' on top of `catgets' could not provide all the +extensions of the GNU `gettext' library. Internationalized packages have usually many `po/LL.po' files, where LL gives an ISO 639 two-letter code identifying the language. Unless @@ -110,22 +100,35 @@ Using This Package As a user, if your language has been installed for this package, you only have to set the `LANG' environment variable to the appropriate -ISO 639 `LL' two-letter code prior to using the programs in the -package. For example, let's suppose that you speak German. At the -shell prompt, merely execute `setenv LANG de' (in `csh'), -`export LANG; LANG=de' (in `sh') or `export LANG=de' (in `bash'). This -can be done from your `.login' or `.profile' file, once and for all. - - An operating system might already offer message localization for -many of its programs, while other programs have been installed locally -with the full capabilities of GNU `gettext'. Just using `gettext' -extended syntax for `LANG' would break proper localization of already -available operating system programs. In this case, users should set -both `LANGUAGE' and `LANG' variables in their environment, as programs -using GNU `gettext' give preference to `LANGUAGE'. For example, some -Swedish users would rather read translations in German than English for -when Swedish is not available. This is easily accomplished by setting -`LANGUAGE' to `sv:de' while leaving `LANG' to `sv'. +`LL_CC' combination. Here `LL' is an ISO 639 two-letter language code, +and `CC' is an ISO 3166 two-letter country code. For example, let's +suppose that you speak German and live in Germany. At the shell +prompt, merely execute `setenv LANG de_DE' (in `csh'), +`export LANG; LANG=de_DE' (in `sh') or `export LANG=de_DE' (in `bash'). +This can be done from your `.login' or `.profile' file, once and for +all. + + You might think that the country code specification is redundant. +But in fact, some languages have dialects in different countries. For +example, `de_AT' is used for Austria, and `pt_BR' for Brazil. The +country code serves to distinguish the dialects. + + Not all programs have translations for all languages. By default, an +English message is shown in place of a nonexistent translation. If you +understand other languages, you can set up a priority list of languages. +This is done through a different environment variable, called +`LANGUAGE'. GNU `gettext' gives preference to `LANGUAGE' over `LANG' +for the purpose of message handling, but you still need to have `LANG' +set to the primary language; this is required by other parts of the +system libraries. For example, some Swedish users who would rather +read translations in German than English for when Swedish is not +available, set `LANGUAGE' to `sv:de' while leaving `LANG' to `sv_SE'. + + In the `LANGUAGE' environment variable, but not in the `LANG' +environment variable, `LL_CC' combinations can be abbreviated as `LL' +to denote the language's main dialect. For example, `de' is equivalent +to `de_DE' (German as spoken in Germany), and `pt' to `pt_PT' +(Portuguese as spoken in Portugal) in this context. Translating Teams ================= @@ -133,33 +136,21 @@ Translating Teams For the Free Translation Project to be a success, we need interested people who like their own language and write it well, and who are also able to synergize with other translators speaking the same language. -Each translation team has its own mailing list, courtesy of Linux -International. You may reach your translation team at the address -`LL@li.org', replacing LL by the two-letter ISO 639 code for your -language. Language codes are *not* the same as the country codes given -in ISO 3166. The following translation teams exist, as of December -1997: - - Chinese `zh', Czech `cs', Danish `da', Dutch `nl', English `en', - Esperanto `eo', Finnish `fi', French `fr', German `de', Hungarian - `hu', Irish `ga', Italian `it', Indonesian `id', Japanese `ja', - Korean `ko', Latin `la', Norwegian `no', Persian `fa', Polish - `pl', Portuguese `pt', Russian `ru', Slovenian `sl', Spanish `es', - Swedish `sv', and Turkish `tr'. - -For example, you may reach the Chinese translation team by writing to -`zh@li.org'. - - If you'd like to volunteer to *work* at translating messages, you +Each translation team has its own mailing list. The up-to-date list of +teams can be found at the Free Translation Project's homepage, +`http://www.iro.umontreal.ca/contrib/po/HTML/', in the "National teams" +area. + + If you'd like to volunteer to _work_ at translating messages, you should become a member of the translating team for your own language. -The subscribing address is *not* the same as the list itself, it has +The subscribing address is _not_ the same as the list itself, it has `-request' appended. For example, speakers of Swedish can send a message to `sv-request@li.org', having this message body: subscribe Keep in mind that team members are expected to participate -*actively* in translations, or at solving translational difficulties, +_actively_ in translations, or at solving translational difficulties, rather than merely lurking around. If your team does not exist yet and you want to start one, or if you are unsure about what to do or how to get started, please write to `translation@iro.umontreal.ca' to reach the @@ -173,42 +164,98 @@ Available Packages ================== Languages are not equally supported in all packages. The following -matrix shows the current state of internationalization, as of December -1997. The matrix shows, in regard of each package, for which languages -PO files have been submitted to translation coordination. - - Ready PO files cs da de en es fi fr it ja ko nl no pl pt ru sl sv - .----------------------------------------------------. - bash | [] [] [] | 3 - bison | [] [] [] | 3 - clisp | [] [] [] [] | 4 - cpio | [] [] [] [] [] [] | 6 - diffutils | [] [] [] [] [] | 5 - enscript | [] [] [] [] [] [] | 6 - fileutils | [] [] [] [] [] [] [] [] [] [] | 10 - findutils | [] [] [] [] [] [] [] [] [] | 9 - flex | [] [] [] [] | 4 - gcal | [] [] [] [] [] | 5 - gettext | [] [] [] [] [] [] [] [] [] [] [] | 12 - grep | [] [] [] [] [] [] [] [] [] [] | 10 - hello | [] [] [] [] [] [] [] [] [] [] [] | 11 - id-utils | [] [] [] | 3 - indent | [] [] [] [] [] | 5 - libc | [] [] [] [] [] [] [] | 7 - m4 | [] [] [] [] [] [] | 6 - make | [] [] [] [] [] [] | 6 - music | [] [] | 2 - ptx | [] [] [] [] [] [] [] [] | 8 - recode | [] [] [] [] [] [] [] [] [] | 9 - sh-utils | [] [] [] [] [] [] [] [] | 8 - sharutils | [] [] [] [] [] [] | 6 - tar | [] [] [] [] [] [] [] [] [] [] [] | 11 - texinfo | [] [] [] | 3 - textutils | [] [] [] [] [] [] [] [] [] | 9 - wdiff | [] [] [] [] [] [] [] [] | 8 - `----------------------------------------------------' - 17 languages cs da de en es fi fr it ja ko nl no pl pt ru sl sv - 27 packages 6 4 25 1 18 1 26 2 1 12 20 9 19 7 4 7 17 179 +matrix shows the current state of internationalization, as of July +2000. The matrix shows, in regard of each package, for which languages +PO files have been submitted to translation coordination, with a +translation percentage of at least 50%. + + Ready PO files bg cs da de el en eo es et fi fr gl hr id it + .----------------------------------------------. + a2ps | [] [] | + bash | [] [] [] | + bison | [] [] [] [] | + clisp | [] [] [] [] | + cpio | [] [] [] | + diffutils | [] [] [] [] [] | + enscript | [] [] | + error | [] | + fileutils | [] [] [] [] [] [] [] [] | + findutils | [] [] [] [] [] [] | + flex | [] [] | + gcal | | + gcc | | + gettext | [] [] [] [] [] [] [] [] [] | + gnupg | [] [] [] [] | + grep | [] [] [] [] [] [] [] [] [] [] | + hello | [] [] [] [] [] [] [] | + id-utils | [] | + indent | [] [] [] [] [] | + libc | [] [] [] [] [] [] [] [] | + lilypond | | + lynx | [] [] [] | + m4 | [] [] [] [] [] [] | + make | [] [] [] [] | + music | [] | + parted | [] [] | + ptx | [] [] [] [] [] [] [] | + python | | + recode | [] [] [] [] [] [] [] | + sed | [] [] [] [] [] [] [] | + sh-utils | [] [] [] [] [] [] [] [] [] | + sharutils | [] [] [] [] [] [] | + tar | [] [] [] [] [] [] [] | + texinfo | [] [] [] [] | + textutils | [] [] [] [] [] [] [] | + util-linux | | + wdiff | [] [] [] [] [] | + wget | [] [] [] [] [] [] [] [] | + `----------------------------------------------' + bg cs da de el en eo es et fi fr gl hr id it + 1 14 15 28 11 1 4 19 12 1 30 16 0 3 12 + + ja ko lv nl no pl pt pt_BR ru sk sl sv zh + .-------------------------------------------. + a2ps | [] [] [] | 5 + bash | | 3 + bison | [] [] [] | 7 + clisp | [] | 5 + cpio | [] [] [] [] [] | 8 + diffutils | [] [] [] | 8 + enscript | [] [] | 4 + error | | 1 + fileutils | [] [] [] [] [] [] [] [] [] | 17 + findutils | [] [] [] [] [] [] | 12 + flex | [] [] [] | 5 + gcal | | 0 + gcc | [] | 1 + gettext | [] [] [] [] [] [] [] [] [] | 18 + gnupg | [] [] [] | 7 + grep | [] [] [] [] [] [] [] | 17 + hello | [] [] [] [] [] [] [] [] | 15 + id-utils | [] [] [] | 4 + indent | [] [] [] [] [] | 10 + libc | [] [] [] [] [] [] [] [] | 16 + lilypond | [] [] | 2 + lynx | [] [] [] [] | 7 + m4 | [] [] [] [] [] | 11 + make | [] [] [] [] [] | 9 + music | [] | 2 + parted | [] [] [] [] | 6 + ptx | [] [] [] [] [] [] | 13 + python | | 0 + recode | [] [] [] | 10 + sed | [] [] [] [] [] [] [] | 14 + sh-utils | [] [] [] [] [] [] [] [] [] [] | 19 + sharutils | [] [] [] [] | 10 + tar | [] [] [] [] [] [] [] [] | 15 + texinfo | [] [] | 6 + textutils | [] [] [] [] [] [] [] [] | 15 + util-linux | [] | 1 + wdiff | [] [] [] [] [] | 10 + wget | [] [] [] [] [] [] [] [] [] | 17 + `-------------------------------------------' + 28 teams ja ko lv nl no pl pt pt_BR ru sk sl sv zh + 38 domains 20 8 0 25 6 18 1 16 27 9 10 20 3 330 Some counters in the preceding matrix are higher than the number of visible blocks let us expect. This is because a few extra PO files are @@ -221,6 +268,25 @@ distributed as such by its maintainer. There might be an observable lag between the mere existence a PO file and its wide availability in a distribution. - If December 1997 seems to be old, you may fetch a more recent copy -of this `ABOUT-NLS' file on most GNU archive sites. + If July 2000 seems to be old, you may fetch a more recent copy of +this `ABOUT-NLS' file on most GNU archive sites. The most up-to-date +matrix with full percentage details can be found at +`http://www.iro.umontreal.ca/contrib/po/HTML/matrix.html'. + +Using `gettext' in new packages +=============================== + + If you are writing a freely available program and want to +internationalize it you are welcome to use GNU `gettext' in your +package. Of course the GNU Public License applies to your sources from +then if you include `gettext' directly in your distribution on but +since you are writing free software anyway this is no restriction. + + Once the sources are change appropriately and the setup can handle to +use of `gettext' the only thing missing are the translations. The Free +Translation Project is also available for packages which are not +developed inside the GNU project. Therefore the information given above +applies also for every other Free Software Project. Contact +`translation@iro.umontreal.ca' to make the `.pot' files available to +the translation teams. diff --git a/src/net.c b/src/net.c index ce1d5e9..c3f89ca 100644 --- a/src/net.c +++ b/src/net.c @@ -17,7 +17,7 @@ along with this program; if not, write to the Free Software Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. - $Id: net.c,v 1.35.4.104 2001/05/04 18:45:02 guus Exp $ + $Id: net.c,v 1.35.4.105 2001/05/07 19:08:43 guus Exp $ */ #include "config.h" @@ -134,12 +134,12 @@ cp /* Encrypt the packet. */ - outpkt.len = inpkt->len; + RAND_bytes(inpkt->salt, sizeof(inpkt->salt)); EVP_EncryptInit(&ctx, cl->cipher_pkttype, cl->cipher_pktkey, cl->cipher_pktkey + cl->cipher_pkttype->key_len); - EVP_EncryptUpdate(&ctx, outpkt.data, &outlen, inpkt->data, inpkt->len); - EVP_EncryptFinal(&ctx, outpkt.data + outlen, &outpad); - outlen += outpad + 2; + EVP_EncryptUpdate(&ctx, outpkt.salt, &outlen, inpkt->salt, inpkt->len + sizeof(inpkt->salt)); + EVP_EncryptFinal(&ctx, outpkt.salt + outlen, &outpad); + outlen += outpad; total_socket_out += outlen; @@ -147,7 +147,7 @@ cp to.sin_addr.s_addr = htonl(cl->address); to.sin_port = htons(cl->port); - if((sendto(myself->socket, (char *) &(outpkt.len), outlen, 0, (const struct sockaddr *)&to, tolen)) < 0) + if((sendto(myself->socket, (char *) outpkt.salt, outlen, 0, (const struct sockaddr *)&to, tolen)) < 0) { syslog(LOG_ERR, _("Error sending packet to %s (%s): %m"), cl->name, cl->hostname); @@ -172,14 +172,13 @@ void receive_udppacket(connection_t *cl, vpn_packet_t *inpkt) int outlen, outpad; EVP_CIPHER_CTX ctx; cp - outpkt.len = inpkt->len; - /* Decrypt the packet */ EVP_DecryptInit(&ctx, myself->cipher_pkttype, myself->cipher_pktkey, myself->cipher_pktkey + myself->cipher_pkttype->key_len); - EVP_DecryptUpdate(&ctx, outpkt.data, &outlen, inpkt->data, inpkt->len + 8); - EVP_DecryptFinal(&ctx, outpkt.data + outlen, &outpad); + EVP_DecryptUpdate(&ctx, outpkt.salt, &outlen, inpkt->salt, inpkt->len); + EVP_DecryptFinal(&ctx, outpkt.salt + outlen, &outpad); outlen += outpad; + outpkt.len = outlen - sizeof(outpkt.salt); receive_packet(cl, &outpkt); cp @@ -576,7 +575,7 @@ cp return -1; } - ncn->address = ntohl(*((ip_t*)(h->h_addr_list[0]))); + ncn->address = ntohl(*((ipv4_t*)(h->h_addr_list[0]))); ncn->hostname = hostlookup(htonl(ncn->address)); if(setup_outgoing_meta_socket(ncn) < 0) @@ -806,7 +805,7 @@ cp myself->cipher_pktkeylength = myself->cipher_pkttype->key_len + myself->cipher_pkttype->iv_len; myself->cipher_pktkey = (char *)xmalloc(myself->cipher_pktkeylength); - RAND_bytes(myself->cipher_pktkey, myself->cipher_pktkeylength); + RAND_pseudo_bytes(myself->cipher_pktkey, myself->cipher_pktkeylength); if(!(cfg = get_config_val(config, config_keyexpire))) keylifetime = 3600; @@ -1046,7 +1045,6 @@ void handle_incoming_vpn_data(void) { vpn_packet_t pkt; int x, l = sizeof(x); - int lenin; struct sockaddr_in from; socklen_t fromlen = sizeof(from); connection_t *cl; @@ -1063,7 +1061,7 @@ cp return; } - if((lenin = recvfrom(myself->socket, (char *) &(pkt.len), MTU, 0, (struct sockaddr *)&from, &fromlen)) <= 0) + if((pkt.len = recvfrom(myself->socket, (char *) pkt.salt, MTU, 0, (struct sockaddr *)&from, &fromlen)) <= 0) { syslog(LOG_ERR, _("Receiving packet failed: %m")); return; diff --git a/src/net.h b/src/net.h index 3028300..6323b2a 100644 --- a/src/net.h +++ b/src/net.h @@ -17,7 +17,7 @@ along with this program; if not, write to the Free Software Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. - $Id: net.h,v 1.9.4.29 2001/03/04 13:59:28 guus Exp $ + $Id: net.h,v 1.9.4.30 2001/05/07 19:08:46 guus Exp $ */ #ifndef __TINC_NET_H__ @@ -27,8 +27,9 @@ #include "config.h" -#define MAXSIZE 1700 /* should be a bit more than the MTU for the tapdevice */ +#define MAXSIZE 1700 /* should be a bit more than the MTU for the tapdevice */ #define MTU 1600 +#define SALTLEN 2 /* to spice things up for the NSA... */ #define MAC_ADDR_S "%02x:%02x:%02x:%02x:%02x:%02x" #define MAC_ADDR_V(x) ((unsigned char*)&(x))[0],((unsigned char*)&(x))[1], \ @@ -58,8 +59,6 @@ typedef struct mac_t typedef unsigned long ipv4_t; -typedef ipv4_t ip_t; /* alias for ipv4_t */ - typedef struct ipv6_t { unsigned short x[8]; @@ -70,7 +69,8 @@ typedef unsigned short port_t; typedef short length_t; typedef struct vpn_packet_t { - length_t len; /* the actual number of bytes in the `data' field */ + length_t len; /* the actual number of bytes in the `data' field */ + unsigned char salt[SALTLEN]; /* two bytes of randomness */ unsigned char data[MAXSIZE]; } vpn_packet_t; diff --git a/src/netutl.c b/src/netutl.c index e9f74d0..562b105 100644 --- a/src/netutl.c +++ b/src/netutl.c @@ -17,7 +17,7 @@ along with this program; if not, write to the Free Software Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. - $Id: netutl.c,v 1.12.4.18 2001/01/07 17:09:02 guus Exp $ + $Id: netutl.c,v 1.12.4.19 2001/05/07 19:08:46 guus Exp $ */ #include "config.h" @@ -106,7 +106,7 @@ cp } ip = xmalloc(sizeof(*ip)); - ip->address = ntohl(*((ip_t*)(h->h_addr_list[0]))); + ip->address = ntohl(*((ipv4_t*)(h->h_addr_list[0]))); ip->mask = masker ? ~((1 << (32 - masker)) - 1) : 0; cp diff --git a/src/protocol.c b/src/protocol.c index 625c709..cd63ad0 100644 --- a/src/protocol.c +++ b/src/protocol.c @@ -17,7 +17,7 @@ along with this program; if not, write to the Free Software Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. - $Id: protocol.c,v 1.28.4.86 2001/03/13 21:33:31 guus Exp $ + $Id: protocol.c,v 1.28.4.87 2001/05/07 19:08:46 guus Exp $ */ #include "config.h" @@ -915,7 +915,7 @@ cp int del_host_h(connection_t *cl) { char name[MAX_STRING_SIZE]; - ip_t address; + ipv4_t address; port_t port; long int options; connection_t *old, *p; -- 2.25.1