VERSION | 2 +- doc/client.texi | 3 +++ doc/download.texi | 7 ++++++- doc/index.texi | 2 ++ doc/modes.ru.texi | 111 +++++++++++++++++++++++++++++++++++++++++++++++++++++ doc/modes.texi | 112 +++++++++++++++++++++++++++++++++++++++++++++++++++++ doc/news.ru.texi | 8 ++++++++ doc/news.texi | 8 ++++++++ doc/russian.texi | 2 ++ src/cypherpunks.ru/govpn/cmd/govpn-client/main.go | 18 ++++++++++++------ diff --git a/VERSION b/VERSION index 3659ea2fa3a7771c8641de0cdbf8c0a02e47e49c..95ee81a411792c5d968d8b3f783e35e690aaeaed 100644 --- a/VERSION +++ b/VERSION @@ -1 +1 @@ -5.8 +5.9 diff --git a/doc/client.texi b/doc/client.texi index d3a7f418bb73bb807bc8ea4bc945861bfecbb600..58dc74bb2f3a8f3bd1e549769e0dfd7766a9e62d 100644 --- a/doc/client.texi +++ b/doc/client.texi @@ -37,6 +37,9 @@ @item -timeout @ref{Timeout} setting in seconds. +@item -noreconnect +Disable reconnection after timeout. + @item -timesync Optional @ref{Timesync, time synchronization} requirement. If set to zero, then no synchronization required. diff --git a/doc/download.texi b/doc/download.texi index 721e4f9a561b996cc1e651ba7c506fd77acf55ad..b8c8aaf62d44a7a54ef0720da8ca506482c4a208 100644 --- a/doc/download.texi +++ b/doc/download.texi 
@@ -1,10 +1,15 @@ @node Tarballs @section Prepared tarballs -You can obtain releases source code prepared tarballs from the links below: +You can obtain releases source code prepared tarballs from the links below +(or use @url{https://sourceforge.net/projects/govpn/files/, Sourceforge mirror}): @multitable {XXXXX} {XXXX KiB} {link sign} {xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx} @headitem Version @tab Size @tab Tarball @tab SHA256 checksum + +@item @ref{Release 5.8, 5.8} @tab 312 KiB +@tab @url{download/govpn-5.8.tar.xz, link} @url{download/govpn-5.8.tar.xz.sig, sign} +@tab @code{a730dc3bbb97bc412a80f529b0f3043e70d011387f5d579cbd2e29964ddf94f4} @item @ref{Release 5.7, 5.7} @tab 312 KiB @tab @url{download/govpn-5.7.tar.xz, link} @url{download/govpn-5.7.tar.xz.sig, sign} diff --git a/doc/index.texi b/doc/index.texi index e8b91e875cdfea7730f9c907135fd7fe0d053ea2..b962eacf8d83d27661cd3e1e4c0a67c00d6e125a 100644 --- a/doc/index.texi +++ b/doc/index.texi @@ -28,6 +28,7 @@ @menu * Frequently Asked Questions: FAQ. * News:: +* Modes of operation:: * Информация на русском: Русский. * Installation:: * Precautions:: @@ -41,6 +42,7 @@ @end menu @include faq.texi @include news.texi +@include modes.texi @include russian.texi @include installation.texi @include precautions.texi diff --git a/doc/modes.ru.texi b/doc/modes.ru.texi new file mode 100644 index 0000000000000000000000000000000000000000..572779909c948eb39086b0ba24e8b8a060d4283a --- /dev/null +++ b/doc/modes.ru.texi 
@@ -0,0 +1,111 @@ +@node Режимы работы +@section Режимы работы + +Есть три режима работы и два режима обеспечения конфиденциальности данных. + +Три режима работы предоставляют компромиссы между потреблением ресурсов +и эффективностью. + +@table @asis + +@item Режим по-умолчанию. + +Пакеты с данными зашифрованы и аутентифицированы и посылаются сразу же. +Это наиболее эффективный режим с минимальными накладными расходами и +задержками. + +@verbatim + +-----------+ +-----+ +---------+ +------+ + | DATA | |DATA | | DATA | | DATA | + +-----------+ +-----+ +---------+ +------+ + +---------------------------------------------------------------------------------------> t +@end verbatim + +@item @ref{Noise, Шумовой} режим. + +Этот режим прячет длины пакетов. Как правило, он потребляет больше +трафика. + +@verbatim + +------const------+ +------const------+ +------const------+ +/ \ / \ / \ + ++------+------------+ +---------+---------+ +-------------+-----+ +| DATA | NOISE | | DATA | NOISE | | DATA |NOISE| ++------+------------+ +---------+---------+ +-------------+-----+ + +---------------------------------------------------------------------------------------> t +@end verbatim + +@item Режим постоянной @ref{CPR, скорости пакетов}. + +Этот режим ещё и прячет временные характеристики пакетов. Он может +увеличить задержки и вставлять пустые шумовые пакеты. + +@verbatim + +------const------+ +------const------+ +------const------+ +/ \ / \ / \ + ++------+------------+ +---------+---------+ +-------------------+ +| DATA | NOISE |<--const-->| DATA | NOISE |<--const-->| NOISE | ++------+------------+ +---------+---------+ +-------------------+ + +---------------------------------------------------------------------------------------> t +@end verbatim + +@end table + +Режимы обеспечения конфиденциальности также являются компромиссом между +эффективностью и потреблением ресурсов. + +@table @asis + +@item @ref{Transport, Стандартный} режим. 
+ +Шифрование и аутентификация производятся используя хорошо известные +алгоритмы. Это очень эффективный режим. Он генерирует пакеты неотличимые +от шума. + +@verbatim ++---------------------------------------------------------+ +| PACKET | +| | +| +-----+ +---------------------------+ +-------+ | +| | TAG |/ CIPHERTEXT \ / NONCE \ | +| +-----+|-----------------------------||-----------| | +| | || | | ++---------------------------------------------------------+ + | || | + |-----------------------------||-----------| + | ENCRYPTION || MAC | + +------------+---+------------++-----------+ + | DATA |PAD| ZEROS || SERIAL | + +------------+---+------------++-----------+ +@end verbatim + +@item @ref{Encless, Нешифрованный} режим. + +Этот режим не использует какие-либо функции шифрования. Вместо этого +используется Chaffing-and-Winnowing кодирование поверх AONT +(всё-или-ничего) пакета данных. Этот режим потребляет ощутимо больше +ресурсов и трафика. Он также генерирует неотличимые от шума пакеты. + +@verbatim ++----------------------------------------------------+ +| PACKET | +| | +| +---------------------------+ +---------+ | +| / CIPHERTEXT \/ NONCE \ | +| |-----------------------------||-----------| | +| | || | | ++----------------------------------------------------+ + | || | + |--------+--------------------||-----------| + |Chaffing| AONT || MAC | + +--------+---+---+------------++-----------+ + | DATA |PAD| ZEROS || SERIAL | + +------------+---+------------++-----------+ +@end verbatim + +@end table diff --git a/doc/modes.texi b/doc/modes.texi new file mode 100644 index 0000000000000000000000000000000000000000..e3a2fc01a75c5d4977d218b35d1aa000f77bbcea --- /dev/null +++ b/doc/modes.texi 
@@ -0,0 +1,112 @@ +@node Modes of operation +@unnumbered Modes of operation + +See also this page @ref{Режимы работы, on russian}. + +There are three modes of operation and two modes of data confidentiality +protection. + +Three modes of operation provide various trade-off between +resource-consumption and effectiveness. + +@table @asis + +@item Default mode. + +Data packets are encrypted and authenticated and sent immediately. This +is the most effective mode with minimal overhead and delays. + +@verbatim + +-----------+ +-----+ +---------+ +------+ + | DATA | |DATA | | DATA | | DATA | + +-----------+ +-----+ +---------+ +------+ + +---------------------------------------------------------------------------------------> t +@end verbatim + +@item @ref{Noise} mode. + +This mode hides packet's lengths. It consumes more traffic as a rule. + +@verbatim + +------const------+ +------const------+ +------const------+ +/ \ / \ / \ + ++------+------------+ +---------+---------+ +-------------+-----+ +| DATA | NOISE | | DATA | NOISE | | DATA |NOISE| ++------+------------+ +---------+---------+ +-------------+-----+ + +---------------------------------------------------------------------------------------> t +@end verbatim + +@item @ref{CPR} mode. + +This mode also hides packets timestamps. It can increase delays and +insert dummy noised packets. + +@verbatim + +------const------+ +------const------+ +------const------+ +/ \ / \ / \ + ++------+------------+ +---------+---------+ +-------------------+ +| DATA | NOISE |<--const-->| DATA | NOISE |<--const-->| NOISE | ++------+------------+ +---------+---------+ +-------------------+ + +---------------------------------------------------------------------------------------> t +@end verbatim + +@end table + +Confidentiality protection modes are also trade-off between +effectiveness and resource-consumption. + +@table @asis + +@item @ref{Transport, Default} mode. + +Encryption and authentication is done using well-known algorithms. 
This +is very effective mode. It generates packets undistinguishable from the +noise. + +@verbatim ++---------------------------------------------------------+ +| PACKET | +| | +| +-----+ +---------------------------+ +-------+ | +| | TAG |/ CIPHERTEXT \ / NONCE \ | +| +-----+|-----------------------------||-----------| | +| | || | | ++---------------------------------------------------------+ + | || | + |-----------------------------||-----------| + | ENCRYPTION || MAC | + +------------+---+------------++-----------+ + | DATA |PAD| ZEROS || SERIAL | + +------------+---+------------++-----------+ +@end verbatim + +@item @ref{Encless, Encryptionless} mode. + +This mode does not use any encryption function. Chaffing-and-Winnowing +encoding is used over AONT (all-or-nothing) package instead. This mode +consumes much more traffic and resources. It also generated +undistinguishable from the noise packets. + +@verbatim ++----------------------------------------------------+ +| PACKET | +| | +| +---------------------------+ +---------+ | +| / CIPHERTEXT \/ NONCE \ | +| |-----------------------------||-----------| | +| | || | | ++----------------------------------------------------+ + | || | + |--------+--------------------||-----------| + |Chaffing| AONT || MAC | + +--------+---+---+------------++-----------+ + | DATA |PAD| ZEROS || SERIAL | + +------------+---+------------++-----------+ +@end verbatim + +@end table diff --git a/doc/news.ru.texi b/doc/news.ru.texi index 6ea418170abf2d2f22d739fbdfae762544ea6b72..a3981d35b804fe12e81226849ccaecd0951bc40b 100644 --- a/doc/news.ru.texi +++ b/doc/news.ru.texi @@ -1,6 +1,14 @@ @node Новости @section Новости +@node Релиз 5.9 +@subsection Релиз 5.9 +@itemize +@item Клиент переподключается в цикле когда соединение потеряно. +Опционально вы можете отключить это поведение: клиент сразу же выйдет, +как и делал раньше. +@end itemize + @node Релиз 5.8 @subsection Релиз 5.8 @itemize 
diff --git a/doc/news.texi b/doc/news.texi
index f363b846307e944ba69d94cdda795c0156adde26..3fa2169ee0d1f0b1c6f844b3668f50b13f666656 100644
--- a/doc/news.texi
+++ b/doc/news.texi
@@ -3,6 +3,14 @@ @unnumbered News
 See also this page @ref{Новости, on russian}.
+@node Release 5.9
+@section Release 5.9
+@itemize
+@item Client reconnects in the loop when connection is lost. Optionally
+you can disable that behaviour: client will exit immediately, as it
+previously did.
+@end itemize
+
 @node Release 5.8
 @section Release 5.8
 @itemize
diff --git a/doc/russian.texi b/doc/russian.texi
index ed35584ff38e8ec16eae262ee72f8000981019b0..e6716501cd4ba61637ccd557815638f2638dc3bc 100644
--- a/doc/russian.texi
+++ b/doc/russian.texi
@@ -5,8 +5,10 @@ @menu
 * О демоне::
 * Часто задаваемые вопросы: ЧАВО.
 * Новости::
+* Режимы работы::
 @end menu
 @include about.ru.texi
 @include faq.ru.texi
 @include news.ru.texi
+@include modes.ru.texi
diff --git a/src/cypherpunks.ru/govpn/cmd/govpn-client/main.go b/src/cypherpunks.ru/govpn/cmd/govpn-client/main.go
index 3d8cbe65953fd935f480a9aefde3efec28ed61d8..98a5b21e6418953620a6b262e02ce69a028bb98b 100644
--- a/src/cypherpunks.ru/govpn/cmd/govpn-client/main.go
+++ b/src/cypherpunks.ru/govpn/cmd/govpn-client/main.go
@@ -45,6 +45,7 @@ proxyAuth = flag.String("proxy-auth", "", "user:password Basic proxy auth")
 mtu = flag.Int("mtu", govpn.MTUDefault, "MTU of TAP interface")
 timeoutP = flag.Int("timeout", 60, "Timeout seconds")
 timeSync = flag.Int("timesync", 0, "Time synchronization requirement")
+ noreconnect = flag.Bool("noreconnect", false, "Disable reconnection after timeout")
 noisy = flag.Bool("noise", false, "Enable noise appending")
 encless = flag.Bool("encless", false, "Encryptionless mode")
 cpr = flag.Int("cpr", 0, "Enable constant KiB/sec out traffic rate")
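Review bot: The new flag variable `noreconnect` departs from the MixedCaps naming its neighbours in this block use (`proxyAuth`, `timeoutP`, `timeSync`); `noReconnect = flag.Bool("noreconnect", false, "Disable reconnection after timeout")` keeps the command-line flag name unchanged while making the identifier consistent. The `var (` block holding these declarations begins before the hunk, and the later `*noreconnect` reference in the reconnect case would need the same rename.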
@@ -78,6 +79,12 @@ log.Println("Using", *egdPath, "EGD")
 govpn.EGDInit(*egdPath)
 }
+ if *proxyAddr != "" {
+ *proto = "tcp"
+ }
+ if !(*proto == "udp" || *proto == "tcp") {
+ log.Fatalln("Unknown protocol specified")
+ }
 if *verifierRaw == "" {
 log.Fatalln("No verifier specified")
 }
@@ -139,9 +146,6 @@ for {
 timeouted := make(chan struct{})
 rehandshaking := make(chan struct{})
 termination := make(chan struct{})
- if *proxyAddr != "" {
- *proto = "tcp"
- }
 switch *proto {
 case "udp":
 go startUDP(timeouted, rehandshaking, termination)
@@ -151,8 +155,6 @@ go proxyTCP(timeouted, rehandshaking, termination)
 } else {
 go startTCP(timeouted, rehandshaking, termination)
 }
- default:
- log.Fatalln("Unknown protocol specified")
 }
 select {
 case <-termSignal:
@@ -160,7 +162,11 @@ govpn.BothPrintf(`[finish remote="%s"]`, *remoteAddr)
 termination <- struct{}{}
 break MainCycle
 case <-timeouted:
- break MainCycle
+ if *noreconnect {
+ break MainCycle
+ }
+ govpn.BothPrintf(`[sleep seconds="%d"]`, timeout)
+ time.Sleep(time.Second * time.Duration(timeout))
 case <-rehandshaking:
 }
 close(timeouted)
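Review bot: The protocol validation moved to startup is written as a negated disjunction, `if !(*proto == "udp" || *proto == "tcp")`, which reads harder than the `switch *proto { case "udp", "tcp": default: log.Fatalln("Unknown protocol specified") }` form that the removed `default:` case expressed and that mirrors the `switch *proto` still dispatching connections later in main. The preceding `if *proxyAddr != "" { *proto = "tcp" }` rewrites the transport without any message, so an explicit `-proto udp` combined with `-proxy` is overridden silently; a `log.Println("Proxy configured, forcing TCP transport")` before the assignment would make the effective transport visible in the client log. main's body continues on both sides of this hunk.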
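Review bot: The `time.Sleep(time.Second * time.Duration(timeout))` added in the `case <-timeouted:` branch blocks the main loop unconditionally, so anything arriving on `termSignal` during the pause (presumably the OS signal handler set up outside the hunk) is not acted on until the sleep ends — with the default `-timeout 60` that is up to a minute during which the client cannot be stopped cleanly. Waiting on a timer inside a select that also listens on `termSignal` keeps the shutdown path responsive during the reconnect back-off. `timeout` is not declared in the hunk; it appears to be the integer seconds value derived from `timeoutP` elsewhere in main. The enclosing `for`/`select` continues outside the hunk on both sides.

```go
case <-timeouted:
	if *noreconnect {
		break MainCycle
	}
	govpn.BothPrintf(`[sleep seconds="%d"]`, timeout)
	select {
	case <-termSignal:
		break MainCycle
	case <-time.After(time.Second * time.Duration(timeout)):
	}
// … unchanged: case <-rehandshaking and channel cleanup …
```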