Mercurial > hg > quicktun
annotate src/common.c @ 64:fa53d1c54886
Use default RNG for key generation, added options to generate public key from private key, use bundled tweetnacl as fallback instead of nacl download
author | Ivo Smits <Ivo@UFO-Net.nl> |
---|---|
date | Sat, 07 Jan 2017 18:07:27 +0100 |
parents | fa4983c5f7ea |
children | c87212fe8883 |
rev | line source |
---|---|
0 | 1 /* Copyright 2010 Ivo Smits <Ivo@UCIS.nl>. All rights reserved. |
2 Redistribution and use in source and binary forms, with or without modification, are | |
3 permitted provided that the following conditions are met: | |
4 | |
5 1. Redistributions of source code must retain the above copyright notice, this list of | |
6 conditions and the following disclaimer. | |
7 | |
8 2. Redistributions in binary form must reproduce the above copyright notice, this list | |
9 of conditions and the following disclaimer in the documentation and/or other materials | |
10 provided with the distribution. | |
11 | |
12 THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED | |
13 WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND | |
14 FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHORS OR | |
15 CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR | |
16 CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR | |
17 SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON | |
18 ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING | |
19 NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF | |
20 ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. | |
21 | |
22 The views and conclusions contained in the software and documentation are those of the | |
23 authors and should not be interpreted as representing official policies, either expressed | |
24 or implied, of Ivo Smits.*/ | |
25 | |
26 #include <stdio.h> | |
27 #include <stdlib.h> | |
28 #include <string.h> | |
29 #include <fcntl.h> | |
55
5685fad38195
Fixed compiler warnings from clang (including small bug in private key loading)
Ivo Smits <Ivo@UCIS.nl>
parents:
54
diff
changeset
|
30 #include <unistd.h> |
36
1fe62a94c28a
Added option SETUID to drop privileges
Ivo Smits <Ivo@UCIS.nl>
parents:
35
diff
changeset
|
31 #include <pwd.h> |
55
5685fad38195
Fixed compiler warnings from clang (including small bug in private key loading)
Ivo Smits <Ivo@UCIS.nl>
parents:
54
diff
changeset
|
32 #include <grp.h> |
0 | 33 #ifndef HAVE_NETINET_IN_H |
34 #include <netinet/in.h> | |
35 #endif | |
36 #include <sys/ioctl.h> | |
7 | 37 #include <sys/socket.h> |
0 | 38 #include <poll.h> |
39 #include <netdb.h> | |
40 #include <stdlib.h> | |
55
5685fad38195
Fixed compiler warnings from clang (including small bug in private key loading)
Ivo Smits <Ivo@UCIS.nl>
parents:
54
diff
changeset
|
41 #include <arpa/inet.h> |
8
6d86596d8884
Fixed BSD support, improved randombytes/secret key generation
ivo <Ivo@UCIS.nl>
parents:
7
diff
changeset
|
42 #include <net/if.h> |
64
fa53d1c54886
Use default RNG for key generation, added options to generate public key from private key, use bundled tweetnacl as fallback instead of nacl download
Ivo Smits <Ivo@UFO-Net.nl>
parents:
63
diff
changeset
|
43 #include <stdbool.h> |
7 | 44 #ifdef linux |
45 #include <linux/if_tun.h> | |
46 #include <linux/if_ether.h> | |
47 #else | |
48 #define ETH_FRAME_LEN 1514 | |
49 #include <net/if_tun.h> | |
13 | 50 #ifdef SOLARIS |
51 #include <sys/stropts.h> | |
52 #include <sys/sockio.h> | |
53 #endif | |
7 | 54 #endif |
0 | 55 |
56 #define MAX_PACKET_LEN (ETH_FRAME_LEN+4) //Some space for optional packet information | |
57 | |
47
e896392f7e03
Added support for connecting over IPv6
Ivo Smits <Ivo@UCIS.nl>
parents:
41
diff
changeset
|
58 typedef union { |
e896392f7e03
Added support for connecting over IPv6
Ivo Smits <Ivo@UCIS.nl>
parents:
41
diff
changeset
|
59 struct sockaddr any; |
e896392f7e03
Added support for connecting over IPv6
Ivo Smits <Ivo@UCIS.nl>
parents:
41
diff
changeset
|
60 struct sockaddr_in ip4; |
e896392f7e03
Added support for connecting over IPv6
Ivo Smits <Ivo@UCIS.nl>
parents:
41
diff
changeset
|
61 struct sockaddr_in6 ip6; |
e896392f7e03
Added support for connecting over IPv6
Ivo Smits <Ivo@UCIS.nl>
parents:
41
diff
changeset
|
62 } sockaddr_any; |
e896392f7e03
Added support for connecting over IPv6
Ivo Smits <Ivo@UCIS.nl>
parents:
41
diff
changeset
|
63 |
0 | 64 struct qtsession; |
65 struct qtproto { | |
66 int encrypted; | |
67 int buffersize_raw; | |
68 int buffersize_enc; | |
69 int offset_raw; | |
70 int offset_enc; | |
71 int (*encode)(struct qtsession* sess, char* raw, char* enc, int len); | |
72 int (*decode)(struct qtsession* sess, char* enc, char* raw, int len); | |
73 int (*init)(struct qtsession* sess); | |
74 int protocol_data_size; | |
41
54d28a81ca99
Small updates in preparation for stateful protocols
Ivo Smits <Ivo@UCIS.nl>
parents:
39
diff
changeset
|
75 void (*idle)(struct qtsession* sess); |
0 | 76 }; |
77 struct qtsession { | |
78 struct qtproto protocol; | |
79 void* protocol_data; | |
80 int fd_socket; | |
81 int fd_dev; | |
82 int remote_float; | |
47
e896392f7e03
Added support for connecting over IPv6
Ivo Smits <Ivo@UCIS.nl>
parents:
41
diff
changeset
|
83 sockaddr_any remote_addr; |
35
a1ec0d6b6f13
Added USE_PI=2 setting to automatically add/remove packet information header
Ivo Smits <Ivo@UCIS.nl>
parents:
34
diff
changeset
|
84 int use_pi; |
41
54d28a81ca99
Small updates in preparation for stateful protocols
Ivo Smits <Ivo@UCIS.nl>
parents:
39
diff
changeset
|
85 int poll_timeout; |
54d28a81ca99
Small updates in preparation for stateful protocols
Ivo Smits <Ivo@UCIS.nl>
parents:
39
diff
changeset
|
86 void (*sendnetworkpacket)(struct qtsession* sess, char* msg, int len); |
0 | 87 }; |
88 | |
89 #ifdef COMBINED_BINARY | |
90 extern char* (*getconf)(const char*); | |
91 extern int errorexit(const char*); | |
92 extern int errorexitp(const char*); | |
93 extern void print_header(); | |
55
5685fad38195
Fixed compiler warnings from clang (including small bug in private key loading)
Ivo Smits <Ivo@UCIS.nl>
parents:
54
diff
changeset
|
94 extern void hex2bin(unsigned char*, const char*, const int); |
22
38d495566d1c
Re-added some debugging messages to nacltai protocol code, enabled by the DEBUG environment variable
Ivo Smits <Ivo@UCIS.nl>
parents:
15
diff
changeset
|
95 extern int debug; |
55
5685fad38195
Fixed compiler warnings from clang (including small bug in private key loading)
Ivo Smits <Ivo@UCIS.nl>
parents:
54
diff
changeset
|
96 extern int qtrun(struct qtproto* p); |
5685fad38195
Fixed compiler warnings from clang (including small bug in private key loading)
Ivo Smits <Ivo@UCIS.nl>
parents:
54
diff
changeset
|
97 extern int qtprocessargs(int argc, char** argv); |
0 | 98 #else |
99 | |
100 char* (*getconf)(const char*) = getenv; | |
22
38d495566d1c
Re-added some debugging messages to nacltai protocol code, enabled by the DEBUG environment variable
Ivo Smits <Ivo@UCIS.nl>
parents:
15
diff
changeset
|
101 int debug = 0; |
38
d9f5caa13898
Added support for NetBSD, added command line parsing to provide configuration options
Ivo Smits <Ivo@UCIS.nl>
parents:
36
diff
changeset
|
102 static int gargc = 0; |
d9f5caa13898
Added support for NetBSD, added command line parsing to provide configuration options
Ivo Smits <Ivo@UCIS.nl>
parents:
36
diff
changeset
|
103 static char** gargv = NULL; |
0 | 104 |
105 int errorexit(const char* text) { | |
106 fprintf(stderr, "%s\n", text); | |
107 return -1; | |
108 } | |
52
3115f8af98bb
Added support for libsodium, fixed bug in USE_PI compatibility mode, improved timestamp checking in nacltai protocol
Ivo Smits <Ivo@UCIS.nl>
parents:
49
diff
changeset
|
109 int errorexit2(const char* text, const char* error) { |
3115f8af98bb
Added support for libsodium, fixed bug in USE_PI compatibility mode, improved timestamp checking in nacltai protocol
Ivo Smits <Ivo@UCIS.nl>
parents:
49
diff
changeset
|
110 fprintf(stderr, "%s: %s\n", text, error); |
3115f8af98bb
Added support for libsodium, fixed bug in USE_PI compatibility mode, improved timestamp checking in nacltai protocol
Ivo Smits <Ivo@UCIS.nl>
parents:
49
diff
changeset
|
111 return -1; |
3115f8af98bb
Added support for libsodium, fixed bug in USE_PI compatibility mode, improved timestamp checking in nacltai protocol
Ivo Smits <Ivo@UCIS.nl>
parents:
49
diff
changeset
|
112 } |
0 | 113 int errorexitp(const char* text) { |
114 perror(text); | |
115 return -1; | |
116 } | |
117 | |
118 void print_header() { | |
61
66d9d80215f0
Fixed -h and -v return status, fixed source file permissions (thanks github.com/rotty)
Ivo Smits <Ivo@UFO-Net.nl>
parents:
59
diff
changeset
|
119 fprintf(stderr, "UCIS QuickTun "QT_VERSION" (c) 2010-2017 Ivo Smits <Ivo@UCIS.nl>\n"); |
22
38d495566d1c
Re-added some debugging messages to nacltai protocol code, enabled by the DEBUG environment variable
Ivo Smits <Ivo@UCIS.nl>
parents:
15
diff
changeset
|
120 fprintf(stderr, "More information: http://wiki.ucis.nl/QuickTun\n"); |
0 | 121 } |
122 | |
47
e896392f7e03
Added support for connecting over IPv6
Ivo Smits <Ivo@UCIS.nl>
parents:
41
diff
changeset
|
123 static int is_all_zero(void* buf, int size) { |
e896392f7e03
Added support for connecting over IPv6
Ivo Smits <Ivo@UCIS.nl>
parents:
41
diff
changeset
|
124 int i; |
e896392f7e03
Added support for connecting over IPv6
Ivo Smits <Ivo@UCIS.nl>
parents:
41
diff
changeset
|
125 char* bb = (char*)buf; |
e896392f7e03
Added support for connecting over IPv6
Ivo Smits <Ivo@UCIS.nl>
parents:
41
diff
changeset
|
126 for (i = 0; i < size; i++) if (bb[i] != 0) return 0; |
e896392f7e03
Added support for connecting over IPv6
Ivo Smits <Ivo@UCIS.nl>
parents:
41
diff
changeset
|
127 return 1; |
e896392f7e03
Added support for connecting over IPv6
Ivo Smits <Ivo@UCIS.nl>
parents:
41
diff
changeset
|
128 } |
e896392f7e03
Added support for connecting over IPv6
Ivo Smits <Ivo@UCIS.nl>
parents:
41
diff
changeset
|
129 static int sockaddr_is_zero_address(sockaddr_any* sa) { |
e896392f7e03
Added support for connecting over IPv6
Ivo Smits <Ivo@UCIS.nl>
parents:
41
diff
changeset
|
130 int af = sa->any.sa_family; |
e896392f7e03
Added support for connecting over IPv6
Ivo Smits <Ivo@UCIS.nl>
parents:
41
diff
changeset
|
131 if (af == AF_INET) return is_all_zero(&sa->ip4.sin_addr, sizeof(struct in_addr)); |
e896392f7e03
Added support for connecting over IPv6
Ivo Smits <Ivo@UCIS.nl>
parents:
41
diff
changeset
|
132 if (af == AF_INET6) return is_all_zero(&sa->ip6.sin6_addr, sizeof(struct in6_addr)); |
e896392f7e03
Added support for connecting over IPv6
Ivo Smits <Ivo@UCIS.nl>
parents:
41
diff
changeset
|
133 return is_all_zero(sa, sizeof(sockaddr_any)); |
e896392f7e03
Added support for connecting over IPv6
Ivo Smits <Ivo@UCIS.nl>
parents:
41
diff
changeset
|
134 } |
e896392f7e03
Added support for connecting over IPv6
Ivo Smits <Ivo@UCIS.nl>
parents:
41
diff
changeset
|
135 static int sockaddr_set_port(sockaddr_any* sa, int port) { |
e896392f7e03
Added support for connecting over IPv6
Ivo Smits <Ivo@UCIS.nl>
parents:
41
diff
changeset
|
136 port = htons(port); |
e896392f7e03
Added support for connecting over IPv6
Ivo Smits <Ivo@UCIS.nl>
parents:
41
diff
changeset
|
137 int af = sa->any.sa_family; |
e896392f7e03
Added support for connecting over IPv6
Ivo Smits <Ivo@UCIS.nl>
parents:
41
diff
changeset
|
138 if (af == AF_INET) sa->ip4.sin_port = port; |
e896392f7e03
Added support for connecting over IPv6
Ivo Smits <Ivo@UCIS.nl>
parents:
41
diff
changeset
|
139 else if (af == AF_INET6) sa->ip6.sin6_port = port; |
e896392f7e03
Added support for connecting over IPv6
Ivo Smits <Ivo@UCIS.nl>
parents:
41
diff
changeset
|
140 else return errorexit("Unknown address family"); |
e896392f7e03
Added support for connecting over IPv6
Ivo Smits <Ivo@UCIS.nl>
parents:
41
diff
changeset
|
141 return 0; |
e896392f7e03
Added support for connecting over IPv6
Ivo Smits <Ivo@UCIS.nl>
parents:
41
diff
changeset
|
142 } |
e896392f7e03
Added support for connecting over IPv6
Ivo Smits <Ivo@UCIS.nl>
parents:
41
diff
changeset
|
143 static int sockaddr_equal(sockaddr_any* a, sockaddr_any* b) { |
e896392f7e03
Added support for connecting over IPv6
Ivo Smits <Ivo@UCIS.nl>
parents:
41
diff
changeset
|
144 if (a->any.sa_family != b->any.sa_family) return 0; |
e896392f7e03
Added support for connecting over IPv6
Ivo Smits <Ivo@UCIS.nl>
parents:
41
diff
changeset
|
145 if (a->any.sa_family == AF_INET) return a->ip4.sin_port == b->ip4.sin_port && a->ip4.sin_addr.s_addr == b->ip4.sin_addr.s_addr; |
e896392f7e03
Added support for connecting over IPv6
Ivo Smits <Ivo@UCIS.nl>
parents:
41
diff
changeset
|
146 if (a->any.sa_family == AF_INET6) return a->ip6.sin6_port == b->ip6.sin6_port && memcmp(&a->ip6.sin6_addr, &b->ip6.sin6_addr, sizeof(struct in6_addr)) == 0 && a->ip6.sin6_scope_id == b->ip6.sin6_scope_id; |
e896392f7e03
Added support for connecting over IPv6
Ivo Smits <Ivo@UCIS.nl>
parents:
41
diff
changeset
|
147 return memcmp(a, b, sizeof(sockaddr_any)) == 0; |
e896392f7e03
Added support for connecting over IPv6
Ivo Smits <Ivo@UCIS.nl>
parents:
41
diff
changeset
|
148 } |
e896392f7e03
Added support for connecting over IPv6
Ivo Smits <Ivo@UCIS.nl>
parents:
41
diff
changeset
|
149 static void sockaddr_to_string(sockaddr_any* sa, char* str, int strbuflen) { |
e896392f7e03
Added support for connecting over IPv6
Ivo Smits <Ivo@UCIS.nl>
parents:
41
diff
changeset
|
150 if (sa->any.sa_family == AF_INET) { |
e896392f7e03
Added support for connecting over IPv6
Ivo Smits <Ivo@UCIS.nl>
parents:
41
diff
changeset
|
151 if (!inet_ntop(AF_INET, &sa->ip4.sin_addr, str, strbuflen)) str[0] = 0; |
e896392f7e03
Added support for connecting over IPv6
Ivo Smits <Ivo@UCIS.nl>
parents:
41
diff
changeset
|
152 int i = strlen(str); |
e896392f7e03
Added support for connecting over IPv6
Ivo Smits <Ivo@UCIS.nl>
parents:
41
diff
changeset
|
153 snprintf(str + i, strbuflen - i, ":%u", ntohs(sa->ip4.sin_port)); |
e896392f7e03
Added support for connecting over IPv6
Ivo Smits <Ivo@UCIS.nl>
parents:
41
diff
changeset
|
154 } else if (sa->any.sa_family == AF_INET6) { |
e896392f7e03
Added support for connecting over IPv6
Ivo Smits <Ivo@UCIS.nl>
parents:
41
diff
changeset
|
155 if (!inet_ntop(AF_INET6, &sa->ip6.sin6_addr, str, strbuflen)) str[0] = 0; |
e896392f7e03
Added support for connecting over IPv6
Ivo Smits <Ivo@UCIS.nl>
parents:
41
diff
changeset
|
156 int i = strlen(str); |
e896392f7e03
Added support for connecting over IPv6
Ivo Smits <Ivo@UCIS.nl>
parents:
41
diff
changeset
|
157 snprintf(str + i, strbuflen - i, "%%%d:%u", sa->ip6.sin6_scope_id, ntohs(sa->ip6.sin6_port)); |
e896392f7e03
Added support for connecting over IPv6
Ivo Smits <Ivo@UCIS.nl>
parents:
41
diff
changeset
|
158 } else { |
e896392f7e03
Added support for connecting over IPv6
Ivo Smits <Ivo@UCIS.nl>
parents:
41
diff
changeset
|
159 strncpy(str, "Unknown AF", strbuflen); |
e896392f7e03
Added support for connecting over IPv6
Ivo Smits <Ivo@UCIS.nl>
parents:
41
diff
changeset
|
160 } |
e896392f7e03
Added support for connecting over IPv6
Ivo Smits <Ivo@UCIS.nl>
parents:
41
diff
changeset
|
161 str[strbuflen - 1] = 0; |
e896392f7e03
Added support for connecting over IPv6
Ivo Smits <Ivo@UCIS.nl>
parents:
41
diff
changeset
|
162 } |
e896392f7e03
Added support for connecting over IPv6
Ivo Smits <Ivo@UCIS.nl>
parents:
41
diff
changeset
|
163 |
41
54d28a81ca99
Small updates in preparation for stateful protocols
Ivo Smits <Ivo@UCIS.nl>
parents:
39
diff
changeset
|
164 static int init_udp(struct qtsession* session) { |
0 | 165 char* envval; |
6
cf9b44b46be5
Use stderr for output instead of stdout, added debugging code to nacltai
root <root@Really.UFO-Net.nl>
parents:
4
diff
changeset
|
166 fprintf(stderr, "Initializing UDP socket...\n"); |
47
e896392f7e03
Added support for connecting over IPv6
Ivo Smits <Ivo@UCIS.nl>
parents:
41
diff
changeset
|
167 struct addrinfo *ai_local = NULL, *ai_remote = NULL; |
e896392f7e03
Added support for connecting over IPv6
Ivo Smits <Ivo@UCIS.nl>
parents:
41
diff
changeset
|
168 unsigned short af = 0; |
52
3115f8af98bb
Added support for libsodium, fixed bug in USE_PI compatibility mode, improved timestamp checking in nacltai protocol
Ivo Smits <Ivo@UCIS.nl>
parents:
49
diff
changeset
|
169 int ret; |
55
5685fad38195
Fixed compiler warnings from clang (including small bug in private key loading)
Ivo Smits <Ivo@UCIS.nl>
parents:
54
diff
changeset
|
170 if ((envval = getconf("LOCAL_ADDRESS"))) { |
5685fad38195
Fixed compiler warnings from clang (including small bug in private key loading)
Ivo Smits <Ivo@UCIS.nl>
parents:
54
diff
changeset
|
171 if ((ret = getaddrinfo(envval, NULL, NULL, &ai_local))) return errorexit2("getaddrinfo(LOCAL_ADDRESS)", gai_strerror(ret)); |
47
e896392f7e03
Added support for connecting over IPv6
Ivo Smits <Ivo@UCIS.nl>
parents:
41
diff
changeset
|
172 if (!ai_local) return errorexit("LOCAL_ADDRESS lookup failed"); |
e896392f7e03
Added support for connecting over IPv6
Ivo Smits <Ivo@UCIS.nl>
parents:
41
diff
changeset
|
173 if (ai_local->ai_addrlen > sizeof(sockaddr_any)) return errorexit("Resolved LOCAL_ADDRESS is too big"); |
e896392f7e03
Added support for connecting over IPv6
Ivo Smits <Ivo@UCIS.nl>
parents:
41
diff
changeset
|
174 af = ai_local->ai_family; |
e896392f7e03
Added support for connecting over IPv6
Ivo Smits <Ivo@UCIS.nl>
parents:
41
diff
changeset
|
175 } |
55
5685fad38195
Fixed compiler warnings from clang (including small bug in private key loading)
Ivo Smits <Ivo@UCIS.nl>
parents:
54
diff
changeset
|
176 if ((envval = getconf("REMOTE_ADDRESS"))) { |
5685fad38195
Fixed compiler warnings from clang (including small bug in private key loading)
Ivo Smits <Ivo@UCIS.nl>
parents:
54
diff
changeset
|
177 if ((ret = getaddrinfo(envval, NULL, NULL, &ai_remote))) return errorexit2("getaddrinfo(REMOTE_ADDRESS)", gai_strerror(ret)); |
47
e896392f7e03
Added support for connecting over IPv6
Ivo Smits <Ivo@UCIS.nl>
parents:
41
diff
changeset
|
178 if (!ai_remote) return errorexit("REMOTE_ADDRESS lookup failed"); |
e896392f7e03
Added support for connecting over IPv6
Ivo Smits <Ivo@UCIS.nl>
parents:
41
diff
changeset
|
179 if (ai_remote->ai_addrlen > sizeof(sockaddr_any)) return errorexit("Resolved REMOTE_ADDRESS is too big"); |
e896392f7e03
Added support for connecting over IPv6
Ivo Smits <Ivo@UCIS.nl>
parents:
41
diff
changeset
|
180 if (af && af != ai_remote->ai_family) return errorexit("Address families do not match"); |
e896392f7e03
Added support for connecting over IPv6
Ivo Smits <Ivo@UCIS.nl>
parents:
41
diff
changeset
|
181 af = ai_remote->ai_family; |
0 | 182 } |
47
e896392f7e03
Added support for connecting over IPv6
Ivo Smits <Ivo@UCIS.nl>
parents:
41
diff
changeset
|
183 if (!af) af = AF_INET; |
57
4c083d81f5a8
Fixes for OpenBSD (thanks to Pi <pi-quicktun@mrtheplague.net> and SeekingFor)
Ivo Smits <Ivo@UCIS.nl>
parents:
55
diff
changeset
|
184 int sa_size = sizeof(sockaddr_any); |
4c083d81f5a8
Fixes for OpenBSD (thanks to Pi <pi-quicktun@mrtheplague.net> and SeekingFor)
Ivo Smits <Ivo@UCIS.nl>
parents:
55
diff
changeset
|
185 if (af == AF_INET) sa_size = sizeof(struct sockaddr_in); |
4c083d81f5a8
Fixes for OpenBSD (thanks to Pi <pi-quicktun@mrtheplague.net> and SeekingFor)
Ivo Smits <Ivo@UCIS.nl>
parents:
55
diff
changeset
|
186 else if (af == AF_INET6) sa_size = sizeof(struct sockaddr_in6); |
47
e896392f7e03
Added support for connecting over IPv6
Ivo Smits <Ivo@UCIS.nl>
parents:
41
diff
changeset
|
187 int sfd = socket(af, SOCK_DGRAM, IPPROTO_UDP); |
e896392f7e03
Added support for connecting over IPv6
Ivo Smits <Ivo@UCIS.nl>
parents:
41
diff
changeset
|
188 if (sfd < 0) return errorexitp("Could not create UDP socket"); |
e896392f7e03
Added support for connecting over IPv6
Ivo Smits <Ivo@UCIS.nl>
parents:
41
diff
changeset
|
189 sockaddr_any udpaddr; |
e896392f7e03
Added support for connecting over IPv6
Ivo Smits <Ivo@UCIS.nl>
parents:
41
diff
changeset
|
190 memset(&udpaddr, 0, sizeof(udpaddr)); |
e896392f7e03
Added support for connecting over IPv6
Ivo Smits <Ivo@UCIS.nl>
parents:
41
diff
changeset
|
191 udpaddr.any.sa_family = af; |
e896392f7e03
Added support for connecting over IPv6
Ivo Smits <Ivo@UCIS.nl>
parents:
41
diff
changeset
|
192 if (ai_local) memcpy(&udpaddr, ai_local->ai_addr, ai_local->ai_addrlen); |
e896392f7e03
Added support for connecting over IPv6
Ivo Smits <Ivo@UCIS.nl>
parents:
41
diff
changeset
|
193 int port = 2998; |
55
5685fad38195
Fixed compiler warnings from clang (including small bug in private key loading)
Ivo Smits <Ivo@UCIS.nl>
parents:
54
diff
changeset
|
194 if ((envval = getconf("LOCAL_PORT"))) port = atoi(envval); |
47
e896392f7e03
Added support for connecting over IPv6
Ivo Smits <Ivo@UCIS.nl>
parents:
41
diff
changeset
|
195 if (sockaddr_set_port(&udpaddr, port)) return -1; |
57
4c083d81f5a8
Fixes for OpenBSD (thanks to Pi <pi-quicktun@mrtheplague.net> and SeekingFor)
Ivo Smits <Ivo@UCIS.nl>
parents:
55
diff
changeset
|
196 if (bind(sfd, &udpaddr.any, sa_size)) return errorexitp("Could not bind socket"); |
47
e896392f7e03
Added support for connecting over IPv6
Ivo Smits <Ivo@UCIS.nl>
parents:
41
diff
changeset
|
197 memset(&udpaddr, 0, sizeof(udpaddr)); |
e896392f7e03
Added support for connecting over IPv6
Ivo Smits <Ivo@UCIS.nl>
parents:
41
diff
changeset
|
198 udpaddr.any.sa_family = af; |
e896392f7e03
Added support for connecting over IPv6
Ivo Smits <Ivo@UCIS.nl>
parents:
41
diff
changeset
|
199 if (ai_remote) memcpy(&udpaddr, ai_remote->ai_addr, ai_remote->ai_addrlen); |
e896392f7e03
Added support for connecting over IPv6
Ivo Smits <Ivo@UCIS.nl>
parents:
41
diff
changeset
|
200 if (!ai_remote || sockaddr_is_zero_address(&udpaddr)) { |
0 | 201 session->remote_float = 1; |
202 } else { | |
12
e4b60d041491
Make sure that the session buffer is zero
Ivo Smits <Ivo@UCIS.nl>
parents:
9
diff
changeset
|
203 session->remote_float = getconf("REMOTE_FLOAT") ? 1 : 0; |
47
e896392f7e03
Added support for connecting over IPv6
Ivo Smits <Ivo@UCIS.nl>
parents:
41
diff
changeset
|
204 port = 2998; |
55
5685fad38195
Fixed compiler warnings from clang (including small bug in private key loading)
Ivo Smits <Ivo@UCIS.nl>
parents:
54
diff
changeset
|
205 if ((envval = getconf("REMOTE_PORT"))) port = atoi(envval); |
47
e896392f7e03
Added support for connecting over IPv6
Ivo Smits <Ivo@UCIS.nl>
parents:
41
diff
changeset
|
206 if (sockaddr_set_port(&udpaddr, port)) return -1; |
e896392f7e03
Added support for connecting over IPv6
Ivo Smits <Ivo@UCIS.nl>
parents:
41
diff
changeset
|
207 session->remote_addr = udpaddr; |
e896392f7e03
Added support for connecting over IPv6
Ivo Smits <Ivo@UCIS.nl>
parents:
41
diff
changeset
|
208 if (session->remote_float) { |
e896392f7e03
Added support for connecting over IPv6
Ivo Smits <Ivo@UCIS.nl>
parents:
41
diff
changeset
|
209 session->remote_float = 2; |
2
b2c7c83a1dda
Accept 0.0.0.0 remote address for float mode
ivo <ivo@UFO-Net.nl>
parents:
0
diff
changeset
|
210 } else { |
57
4c083d81f5a8
Fixes for OpenBSD (thanks to Pi <pi-quicktun@mrtheplague.net> and SeekingFor)
Ivo Smits <Ivo@UCIS.nl>
parents:
55
diff
changeset
|
211 if (connect(sfd, &udpaddr.any, sa_size)) return errorexitp("Could not connect socket"); |
0 | 212 } |
213 } | |
47
e896392f7e03
Added support for connecting over IPv6
Ivo Smits <Ivo@UCIS.nl>
parents:
41
diff
changeset
|
214 if (ai_local) freeaddrinfo(ai_local); |
e896392f7e03
Added support for connecting over IPv6
Ivo Smits <Ivo@UCIS.nl>
parents:
41
diff
changeset
|
215 if (ai_remote) freeaddrinfo(ai_remote); |
0 | 216 session->fd_socket = sfd; |
217 return sfd; | |
218 } | |
219 | |
41
54d28a81ca99
Small updates in preparation for stateful protocols
Ivo Smits <Ivo@UCIS.nl>
parents:
39
diff
changeset
|
220 static int init_tuntap(struct qtsession* session) { |
0 | 221 char* envval; |
7 | 222 fprintf(stderr, "Initializing tun/tap device...\n"); |
0 | 223 int ttfd; //Tap device file descriptor |
35
a1ec0d6b6f13
Added USE_PI=2 setting to automatically add/remove packet information header
Ivo Smits <Ivo@UCIS.nl>
parents:
34
diff
changeset
|
224 int tunmode = 0; |
55
5685fad38195
Fixed compiler warnings from clang (including small bug in private key loading)
Ivo Smits <Ivo@UCIS.nl>
parents:
54
diff
changeset
|
225 if ((envval = getconf("TUN_MODE"))) tunmode = atoi(envval); |
35
a1ec0d6b6f13
Added USE_PI=2 setting to automatically add/remove packet information header
Ivo Smits <Ivo@UCIS.nl>
parents:
34
diff
changeset
|
226 session->use_pi = 0; |
a1ec0d6b6f13
Added USE_PI=2 setting to automatically add/remove packet information header
Ivo Smits <Ivo@UCIS.nl>
parents:
34
diff
changeset
|
227 if (tunmode && (envval = getconf("USE_PI"))) session->use_pi = atoi(envval); |
54
4ff8003d0973
Fix for OpenBSD tun/tap initialization
Ivo Smits <Ivo@UCIS.nl>
parents:
52
diff
changeset
|
228 #if defined(__linux__) |
15
1fa5b5fa49e1
Fixed a race condition caused by reception of ICMP errors
Ivo Smits <Ivo@UCIS.nl>
parents:
13
diff
changeset
|
229 struct ifreq ifr; //required for tun/tap setup |
1fa5b5fa49e1
Fixed a race condition caused by reception of ICMP errors
Ivo Smits <Ivo@UCIS.nl>
parents:
13
diff
changeset
|
230 memset(&ifr, 0, sizeof(ifr)); |
1fa5b5fa49e1
Fixed a race condition caused by reception of ICMP errors
Ivo Smits <Ivo@UCIS.nl>
parents:
13
diff
changeset
|
231 if ((ttfd = open("/dev/net/tun", O_RDWR)) < 0) return errorexitp("Could not open tun/tap device file"); |
55
5685fad38195
Fixed compiler warnings from clang (including small bug in private key loading)
Ivo Smits <Ivo@UCIS.nl>
parents:
54
diff
changeset
|
232 if ((envval = getconf("INTERFACE"))) strcpy(ifr.ifr_name, envval); |
35
a1ec0d6b6f13
Added USE_PI=2 setting to automatically add/remove packet information header
Ivo Smits <Ivo@UCIS.nl>
parents:
34
diff
changeset
|
233 ifr.ifr_flags = tunmode ? IFF_TUN : IFF_TAP; |
a1ec0d6b6f13
Added USE_PI=2 setting to automatically add/remove packet information header
Ivo Smits <Ivo@UCIS.nl>
parents:
34
diff
changeset
|
234 if (!session->use_pi) ifr.ifr_flags |= IFF_NO_PI; |
15
1fa5b5fa49e1
Fixed a race condition caused by reception of ICMP errors
Ivo Smits <Ivo@UCIS.nl>
parents:
13
diff
changeset
|
235 if (ioctl(ttfd, TUNSETIFF, (void *)&ifr) < 0) return errorexitp("TUNSETIFF ioctl failed"); |
32
51c6d2fc712f
Fixes contributed by Daniel Dickinson <daniel@cshore.neomailbox.net>
Ivo Smits <Ivo@UCIS.nl>
parents:
30
diff
changeset
|
236 #elif defined SOLARIS |
13 | 237 int ip_fd = -1, if_fd = -1, ppa = 0; |
15
1fa5b5fa49e1
Fixed a race condition caused by reception of ICMP errors
Ivo Smits <Ivo@UCIS.nl>
parents:
13
diff
changeset
|
238 if ((ttfd = open("/dev/tun", O_RDWR)) < 0) return errorexitp("Could not open tun device file"); |
1fa5b5fa49e1
Fixed a race condition caused by reception of ICMP errors
Ivo Smits <Ivo@UCIS.nl>
parents:
13
diff
changeset
|
239 if ((ip_fd = open("/dev/ip", O_RDWR, 0)) < 0) return errorexitp("Could not open /dev/ip"); |
1fa5b5fa49e1
Fixed a race condition caused by reception of ICMP errors
Ivo Smits <Ivo@UCIS.nl>
parents:
13
diff
changeset
|
240 if ((envval = getconf("INTERFACE"))) { |
1fa5b5fa49e1
Fixed a race condition caused by reception of ICMP errors
Ivo Smits <Ivo@UCIS.nl>
parents:
13
diff
changeset
|
241 while (*envval && !isdigit((int)*envval)) envval++; |
1fa5b5fa49e1
Fixed a race condition caused by reception of ICMP errors
Ivo Smits <Ivo@UCIS.nl>
parents:
13
diff
changeset
|
242 ppa = atoi(envval); |
1fa5b5fa49e1
Fixed a race condition caused by reception of ICMP errors
Ivo Smits <Ivo@UCIS.nl>
parents:
13
diff
changeset
|
243 } |
1fa5b5fa49e1
Fixed a race condition caused by reception of ICMP errors
Ivo Smits <Ivo@UCIS.nl>
parents:
13
diff
changeset
|
244 if ((ppa = ioctl(ttfd, TUNNEWPPA, ppa)) < 0) return errorexitp("Could not assign new PPA"); |
1fa5b5fa49e1
Fixed a race condition caused by reception of ICMP errors
Ivo Smits <Ivo@UCIS.nl>
parents:
13
diff
changeset
|
245 if ((if_fd = open("/dev/tun", O_RDWR, 0)) < 0) return errorexitp("Could not open tun device file again"); |
1fa5b5fa49e1
Fixed a race condition caused by reception of ICMP errors
Ivo Smits <Ivo@UCIS.nl>
parents:
13
diff
changeset
|
246 if (ioctl(if_fd, I_PUSH, "ip") < 0) return errorexitp("Could not push IP module"); |
1fa5b5fa49e1
Fixed a race condition caused by reception of ICMP errors
Ivo Smits <Ivo@UCIS.nl>
parents:
13
diff
changeset
|
247 if (ioctl(if_fd, IF_UNITSEL, (char *)&ppa) < 0) return errorexitp("Could not set PPA"); |
1fa5b5fa49e1
Fixed a race condition caused by reception of ICMP errors
Ivo Smits <Ivo@UCIS.nl>
parents:
13
diff
changeset
|
248 if (ioctl(ip_fd, I_LINK, if_fd) < 0) return errorexitp("Could not link TUN device to IP"); |
7 | 249 #else |
15
1fa5b5fa49e1
Fixed a race condition caused by reception of ICMP errors
Ivo Smits <Ivo@UCIS.nl>
parents:
13
diff
changeset
|
250 if (!(envval = getconf("INTERFACE"))) envval = "/dev/tun0"; |
1fa5b5fa49e1
Fixed a race condition caused by reception of ICMP errors
Ivo Smits <Ivo@UCIS.nl>
parents:
13
diff
changeset
|
251 if ((ttfd = open(envval, O_RDWR)) < 0) return errorexitp("Could not open tun device file"); |
35
a1ec0d6b6f13
Added USE_PI=2 setting to automatically add/remove packet information header
Ivo Smits <Ivo@UCIS.nl>
parents:
34
diff
changeset
|
252 if (tunmode) { |
33
422f3582bd38
Possible fix for tun mode on FreeBSD
Ivo Smits <Ivo@UCIS.nl>
parents:
32
diff
changeset
|
253 int i = IFF_POINTOPOINT | IFF_MULTICAST; |
34
b876afa5a72a
Fixed the build script and FreeBSD tun mode
Ivo Smits <Ivo@UCIS.nl>
parents:
33
diff
changeset
|
254 ioctl(ttfd, TUNSIFMODE, &i); |
54
4ff8003d0973
Fix for OpenBSD tun/tap initialization
Ivo Smits <Ivo@UCIS.nl>
parents:
52
diff
changeset
|
255 #if defined(__OpenBSD__) |
4ff8003d0973
Fix for OpenBSD tun/tap initialization
Ivo Smits <Ivo@UCIS.nl>
parents:
52
diff
changeset
|
256 if (!session->use_pi) session->use_pi = 2; |
4ff8003d0973
Fix for OpenBSD tun/tap initialization
Ivo Smits <Ivo@UCIS.nl>
parents:
52
diff
changeset
|
257 #else |
35
a1ec0d6b6f13
Added USE_PI=2 setting to automatically add/remove packet information header
Ivo Smits <Ivo@UCIS.nl>
parents:
34
diff
changeset
|
258 i = session->use_pi ? 1 : 0; |
34
b876afa5a72a
Fixed the build script and FreeBSD tun mode
Ivo Smits <Ivo@UCIS.nl>
parents:
33
diff
changeset
|
259 ioctl(ttfd, TUNSIFHEAD, &i); |
54
4ff8003d0973
Fix for OpenBSD tun/tap initialization
Ivo Smits <Ivo@UCIS.nl>
parents:
52
diff
changeset
|
260 #endif |
33
422f3582bd38
Possible fix for tun mode on FreeBSD
Ivo Smits <Ivo@UCIS.nl>
parents:
32
diff
changeset
|
261 } |
15
1fa5b5fa49e1
Fixed a race condition caused by reception of ICMP errors
Ivo Smits <Ivo@UCIS.nl>
parents:
13
diff
changeset
|
262 #endif |
55
5685fad38195
Fixed compiler warnings from clang (including small bug in private key loading)
Ivo Smits <Ivo@UCIS.nl>
parents:
54
diff
changeset
|
263 if ((envval = getconf("TUN_UP_SCRIPT"))) system(envval); |
35
a1ec0d6b6f13
Added USE_PI=2 setting to automatically add/remove packet information header
Ivo Smits <Ivo@UCIS.nl>
parents:
34
diff
changeset
|
264 session->fd_dev = ttfd; |
0 | 265 return ttfd; |
266 } | |
267 | |
64
fa53d1c54886
Use default RNG for key generation, added options to generate public key from private key, use bundled tweetnacl as fallback instead of nacl download
Ivo Smits <Ivo@UFO-Net.nl>
parents:
63
diff
changeset
|
268 bool hex2bin(unsigned char* dest, const char* src, const int count) { |
0 | 269 int i; |
270 for (i = 0; i < count; i++) { | |
271 if (*src >= '0' && *src <= '9') *dest = *src - '0'; | |
272 else if (*src >= 'a' && * src <='f') *dest = *src - 'a' + 10; | |
273 else if (*src >= 'A' && * src <='F') *dest = *src - 'A' + 10; | |
64
fa53d1c54886
Use default RNG for key generation, added options to generate public key from private key, use bundled tweetnacl as fallback instead of nacl download
Ivo Smits <Ivo@UFO-Net.nl>
parents:
63
diff
changeset
|
274 else return false; |
0 | 275 src++; *dest = *dest << 4; |
276 if (*src >= '0' && *src <= '9') *dest += *src - '0'; | |
277 else if (*src >= 'a' && *src <= 'f') *dest += *src - 'a' + 10; | |
278 else if (*src >= 'A' && *src <= 'F') *dest += *src - 'A' + 10; | |
64
fa53d1c54886
Use default RNG for key generation, added options to generate public key from private key, use bundled tweetnacl as fallback instead of nacl download
Ivo Smits <Ivo@UFO-Net.nl>
parents:
63
diff
changeset
|
279 else return false; |
0 | 280 src++; dest++; |
281 } | |
64
fa53d1c54886
Use default RNG for key generation, added options to generate public key from private key, use bundled tweetnacl as fallback instead of nacl download
Ivo Smits <Ivo@UFO-Net.nl>
parents:
63
diff
changeset
|
282 return true; |
0 | 283 } |
284 | |
41
54d28a81ca99
Small updates in preparation for stateful protocols
Ivo Smits <Ivo@UCIS.nl>
parents:
39
diff
changeset
|
285 static int drop_privileges() { |
36
1fe62a94c28a
Added option SETUID to drop privileges
Ivo Smits <Ivo@UCIS.nl>
parents:
35
diff
changeset
|
286 char* envval; |
49 | 287 struct passwd *pw = NULL; |
55
5685fad38195
Fixed compiler warnings from clang (including small bug in private key loading)
Ivo Smits <Ivo@UCIS.nl>
parents:
54
diff
changeset
|
288 if ((envval = getconf("SETUID"))) { |
49 | 289 pw = getpwnam(envval); |
290 if (!pw) return errorexitp("getpwnam"); | |
291 } | |
55
5685fad38195
Fixed compiler warnings from clang (including small bug in private key loading)
Ivo Smits <Ivo@UCIS.nl>
parents:
54
diff
changeset
|
292 if ((envval = getconf("CHROOT"))) { |
49 | 293 if (chroot(envval)) return errorexitp("chroot"); |
294 if (chdir("/")) return errorexitp("chdir /"); | |
295 } | |
296 if (pw) { | |
36
1fe62a94c28a
Added option SETUID to drop privileges
Ivo Smits <Ivo@UCIS.nl>
parents:
35
diff
changeset
|
297 if (setgroups(0, NULL) == -1) return errorexitp("setgroups"); |
1fe62a94c28a
Added option SETUID to drop privileges
Ivo Smits <Ivo@UCIS.nl>
parents:
35
diff
changeset
|
298 if (setgid(pw->pw_gid) == -1) return errorexitp("setgid"); |
1fe62a94c28a
Added option SETUID to drop privileges
Ivo Smits <Ivo@UCIS.nl>
parents:
35
diff
changeset
|
299 if (setuid(pw->pw_uid) == -1) return errorexitp("setuid"); |
1fe62a94c28a
Added option SETUID to drop privileges
Ivo Smits <Ivo@UCIS.nl>
parents:
35
diff
changeset
|
300 } |
55
5685fad38195
Fixed compiler warnings from clang (including small bug in private key loading)
Ivo Smits <Ivo@UCIS.nl>
parents:
54
diff
changeset
|
301 return 0; |
36
1fe62a94c28a
Added option SETUID to drop privileges
Ivo Smits <Ivo@UCIS.nl>
parents:
35
diff
changeset
|
302 } |
1fe62a94c28a
Added option SETUID to drop privileges
Ivo Smits <Ivo@UCIS.nl>
parents:
35
diff
changeset
|
303 |
41
54d28a81ca99
Small updates in preparation for stateful protocols
Ivo Smits <Ivo@UCIS.nl>
parents:
39
diff
changeset
|
304 static void qtsendnetworkpacket(struct qtsession* session, char* msg, int len) { |
54d28a81ca99
Small updates in preparation for stateful protocols
Ivo Smits <Ivo@UCIS.nl>
parents:
39
diff
changeset
|
305 if (session->remote_float == 0) { |
54d28a81ca99
Small updates in preparation for stateful protocols
Ivo Smits <Ivo@UCIS.nl>
parents:
39
diff
changeset
|
306 len = write(session->fd_socket, msg, len); |
54d28a81ca99
Small updates in preparation for stateful protocols
Ivo Smits <Ivo@UCIS.nl>
parents:
39
diff
changeset
|
307 } else if (session->remote_float == 2) { |
63
fa4983c5f7ea
Fix floating remote mode on NetBSD
Ivo Smits <Ivo@UFO-Net.nl>
parents:
61
diff
changeset
|
308 int sa_size = sizeof(sockaddr_any); |
fa4983c5f7ea
Fix floating remote mode on NetBSD
Ivo Smits <Ivo@UFO-Net.nl>
parents:
61
diff
changeset
|
309 if (session->remote_addr.any.sa_family == AF_INET) sa_size = sizeof(struct sockaddr_in); |
fa4983c5f7ea
Fix floating remote mode on NetBSD
Ivo Smits <Ivo@UFO-Net.nl>
parents:
61
diff
changeset
|
310 else if (session->remote_addr.any.sa_family == AF_INET6) sa_size = sizeof(struct sockaddr_in6); |
fa4983c5f7ea
Fix floating remote mode on NetBSD
Ivo Smits <Ivo@UFO-Net.nl>
parents:
61
diff
changeset
|
311 len = sendto(session->fd_socket, msg, len, 0, (struct sockaddr*)&session->remote_addr, sa_size); |
41
54d28a81ca99
Small updates in preparation for stateful protocols
Ivo Smits <Ivo@UCIS.nl>
parents:
39
diff
changeset
|
312 } |
54d28a81ca99
Small updates in preparation for stateful protocols
Ivo Smits <Ivo@UCIS.nl>
parents:
39
diff
changeset
|
313 } |
54d28a81ca99
Small updates in preparation for stateful protocols
Ivo Smits <Ivo@UCIS.nl>
parents:
39
diff
changeset
|
314 |
0 | 315 int qtrun(struct qtproto* p) { |
22
38d495566d1c
Re-added some debugging messages to nacltai protocol code, enabled by the DEBUG environment variable
Ivo Smits <Ivo@UCIS.nl>
parents:
15
diff
changeset
|
316 if (getconf("DEBUG")) debug = 1; |
0 | 317 struct qtsession session; |
41
54d28a81ca99
Small updates in preparation for stateful protocols
Ivo Smits <Ivo@UCIS.nl>
parents:
39
diff
changeset
|
318 session.poll_timeout = -1; |
0 | 319 session.protocol = *p; |
6
cf9b44b46be5
Use stderr for output instead of stdout, added debugging code to nacltai
root <root@Really.UFO-Net.nl>
parents:
4
diff
changeset
|
320 |
29
7c5e5be876bb
Small fix to error handling during initialization
Ivo Smits <Ivo@UCIS.nl>
parents:
28
diff
changeset
|
321 if (init_udp(&session) < 0) return -1; |
6
cf9b44b46be5
Use stderr for output instead of stdout, added debugging code to nacltai
root <root@Really.UFO-Net.nl>
parents:
4
diff
changeset
|
322 int sfd = session.fd_socket; |
cf9b44b46be5
Use stderr for output instead of stdout, added debugging code to nacltai
root <root@Really.UFO-Net.nl>
parents:
4
diff
changeset
|
323 |
41
54d28a81ca99
Small updates in preparation for stateful protocols
Ivo Smits <Ivo@UCIS.nl>
parents:
39
diff
changeset
|
324 session.sendnetworkpacket = qtsendnetworkpacket; |
54d28a81ca99
Small updates in preparation for stateful protocols
Ivo Smits <Ivo@UCIS.nl>
parents:
39
diff
changeset
|
325 |
35
a1ec0d6b6f13
Added USE_PI=2 setting to automatically add/remove packet information header
Ivo Smits <Ivo@UCIS.nl>
parents:
34
diff
changeset
|
326 if (init_tuntap(&session) < 0) return -1; |
a1ec0d6b6f13
Added USE_PI=2 setting to automatically add/remove packet information header
Ivo Smits <Ivo@UCIS.nl>
parents:
34
diff
changeset
|
327 int ttfd = session.fd_dev; |
0 | 328 |
329 char protocol_data[p->protocol_data_size]; | |
12
e4b60d041491
Make sure that the session buffer is zero
Ivo Smits <Ivo@UCIS.nl>
parents:
9
diff
changeset
|
330 memset(protocol_data, 0, p->protocol_data_size); |
57
4c083d81f5a8
Fixes for OpenBSD (thanks to Pi <pi-quicktun@mrtheplague.net> and SeekingFor)
Ivo Smits <Ivo@UCIS.nl>
parents:
55
diff
changeset
|
331 session.protocol_data = protocol_data; |
27
5ba185ca7102
Fixed error checking during initialization, restructured code a bit to make it even simpler
Ivo Smits <Ivo@UCIS.nl>
parents:
22
diff
changeset
|
332 if (p->init && p->init(&session) < 0) return -1; |
0 | 333 |
36
1fe62a94c28a
Added option SETUID to drop privileges
Ivo Smits <Ivo@UCIS.nl>
parents:
35
diff
changeset
|
334 if (drop_privileges() < 0) return -1; |
1fe62a94c28a
Added option SETUID to drop privileges
Ivo Smits <Ivo@UCIS.nl>
parents:
35
diff
changeset
|
335 |
6
cf9b44b46be5
Use stderr for output instead of stdout, added debugging code to nacltai
root <root@Really.UFO-Net.nl>
parents:
4
diff
changeset
|
336 fprintf(stderr, "The tunnel is now operational!\n"); |
0 | 337 |
338 struct pollfd fds[2]; | |
339 fds[0].fd = ttfd; | |
340 fds[0].events = POLLIN; | |
341 fds[1].fd = sfd; | |
342 fds[1].events = POLLIN; | |
343 | |
35
a1ec0d6b6f13
Added USE_PI=2 setting to automatically add/remove packet information header
Ivo Smits <Ivo@UCIS.nl>
parents:
34
diff
changeset
|
344 int pi_length = 0; |
a1ec0d6b6f13
Added USE_PI=2 setting to automatically add/remove packet information header
Ivo Smits <Ivo@UCIS.nl>
parents:
34
diff
changeset
|
345 if (session.use_pi == 2) pi_length = 4; |
a1ec0d6b6f13
Added USE_PI=2 setting to automatically add/remove packet information header
Ivo Smits <Ivo@UCIS.nl>
parents:
34
diff
changeset
|
346 |
a1ec0d6b6f13
Added USE_PI=2 setting to automatically add/remove packet information header
Ivo Smits <Ivo@UCIS.nl>
parents:
34
diff
changeset
|
347 char buffer_raw_a[p->buffersize_raw + pi_length]; |
0 | 348 char buffer_enc_a[p->buffersize_enc]; |
349 char* buffer_raw = buffer_raw_a; | |
350 char* buffer_enc = buffer_enc_a; | |
351 | |
352 while (1) { | |
41
54d28a81ca99
Small updates in preparation for stateful protocols
Ivo Smits <Ivo@UCIS.nl>
parents:
39
diff
changeset
|
353 int len = poll(fds, 2, session.poll_timeout); |
0 | 354 if (len < 0) return errorexitp("poll error"); |
355 else if (fds[0].revents & (POLLERR | POLLHUP | POLLNVAL)) return errorexit("poll error on tap device"); | |
356 else if (fds[1].revents & (POLLHUP | POLLNVAL)) return errorexit("poll error on udp socket"); | |
41
54d28a81ca99
Small updates in preparation for stateful protocols
Ivo Smits <Ivo@UCIS.nl>
parents:
39
diff
changeset
|
357 if (len == 0 && p->idle) p->idle(&session); |
0 | 358 if (fds[0].revents & POLLIN) { |
35
a1ec0d6b6f13
Added USE_PI=2 setting to automatically add/remove packet information header
Ivo Smits <Ivo@UCIS.nl>
parents:
34
diff
changeset
|
359 len = read(ttfd, buffer_raw + p->offset_raw, p->buffersize_raw + pi_length); |
a1ec0d6b6f13
Added USE_PI=2 setting to automatically add/remove packet information header
Ivo Smits <Ivo@UCIS.nl>
parents:
34
diff
changeset
|
360 if (len < pi_length) errorexit("read packet smaller than header from tun device"); |
0 | 361 if (session.remote_float == 0 || session.remote_float == 2) { |
35
a1ec0d6b6f13
Added USE_PI=2 setting to automatically add/remove packet information header
Ivo Smits <Ivo@UCIS.nl>
parents:
34
diff
changeset
|
362 len = p->encode(&session, buffer_raw + pi_length, buffer_enc, len - pi_length); |
0 | 363 if (len < 0) return len; |
41
54d28a81ca99
Small updates in preparation for stateful protocols
Ivo Smits <Ivo@UCIS.nl>
parents:
39
diff
changeset
|
364 if (len == 0) continue; //encoding is not yet possible |
54d28a81ca99
Small updates in preparation for stateful protocols
Ivo Smits <Ivo@UCIS.nl>
parents:
39
diff
changeset
|
365 qtsendnetworkpacket(&session, buffer_enc + p->offset_enc, len); |
0 | 366 } |
367 } | |
15
1fa5b5fa49e1
Fixed a race condition caused by reception of ICMP errors
Ivo Smits <Ivo@UCIS.nl>
parents:
13
diff
changeset
|
368 if (fds[1].revents & POLLERR) { |
1fa5b5fa49e1
Fixed a race condition caused by reception of ICMP errors
Ivo Smits <Ivo@UCIS.nl>
parents:
13
diff
changeset
|
369 int out; |
55
5685fad38195
Fixed compiler warnings from clang (including small bug in private key loading)
Ivo Smits <Ivo@UCIS.nl>
parents:
54
diff
changeset
|
370 socklen_t slen = sizeof(out); |
5685fad38195
Fixed compiler warnings from clang (including small bug in private key loading)
Ivo Smits <Ivo@UCIS.nl>
parents:
54
diff
changeset
|
371 getsockopt(sfd, SOL_SOCKET, SO_ERROR, &out, &slen); |
15
1fa5b5fa49e1
Fixed a race condition caused by reception of ICMP errors
Ivo Smits <Ivo@UCIS.nl>
parents:
13
diff
changeset
|
372 fprintf(stderr, "Received error %d on udp socket\n", out); |
1fa5b5fa49e1
Fixed a race condition caused by reception of ICMP errors
Ivo Smits <Ivo@UCIS.nl>
parents:
13
diff
changeset
|
373 } |
0 | 374 if (fds[1].revents & POLLIN) { |
47
e896392f7e03
Added support for connecting over IPv6
Ivo Smits <Ivo@UCIS.nl>
parents:
41
diff
changeset
|
375 sockaddr_any recvaddr; |
0 | 376 socklen_t recvaddr_len = sizeof(recvaddr); |
377 if (session.remote_float == 0) { | |
378 len = read(sfd, buffer_enc + p->offset_enc, p->buffersize_enc); | |
379 } else { | |
380 len = recvfrom(sfd, buffer_enc + p->offset_enc, p->buffersize_enc, 0, (struct sockaddr*)&recvaddr, &recvaddr_len); | |
381 } | |
382 if (len < 0) { | |
59
2f4d333f7500
Fix SO_ERROR ouput type
Andreas Rottmann <a.rottmann@gmx.at>
parents:
57
diff
changeset
|
383 int out; |
55
5685fad38195
Fixed compiler warnings from clang (including small bug in private key loading)
Ivo Smits <Ivo@UCIS.nl>
parents:
54
diff
changeset
|
384 socklen_t slen = sizeof(out); |
5685fad38195
Fixed compiler warnings from clang (including small bug in private key loading)
Ivo Smits <Ivo@UCIS.nl>
parents:
54
diff
changeset
|
385 getsockopt(sfd, SOL_SOCKET, SO_ERROR, &out, &slen); |
59
2f4d333f7500
Fix SO_ERROR ouput type
Andreas Rottmann <a.rottmann@gmx.at>
parents:
57
diff
changeset
|
386 fprintf(stderr, "Received end of file on udp socket (error %d)\n", out); |
0 | 387 } else { |
35
a1ec0d6b6f13
Added USE_PI=2 setting to automatically add/remove packet information header
Ivo Smits <Ivo@UCIS.nl>
parents:
34
diff
changeset
|
388 len = p->decode(&session, buffer_enc, buffer_raw + pi_length, len); |
41
54d28a81ca99
Small updates in preparation for stateful protocols
Ivo Smits <Ivo@UCIS.nl>
parents:
39
diff
changeset
|
389 if (len < 0) continue; |
47
e896392f7e03
Added support for connecting over IPv6
Ivo Smits <Ivo@UCIS.nl>
parents:
41
diff
changeset
|
390 if (session.remote_float != 0 && !sockaddr_equal(&session.remote_addr, &recvaddr)) { |
e896392f7e03
Added support for connecting over IPv6
Ivo Smits <Ivo@UCIS.nl>
parents:
41
diff
changeset
|
391 char epname[INET6_ADDRSTRLEN + 1 + 2 + 1 + 5]; //addr%scope:port |
e896392f7e03
Added support for connecting over IPv6
Ivo Smits <Ivo@UCIS.nl>
parents:
41
diff
changeset
|
392 sockaddr_to_string(&recvaddr, epname, sizeof(epname)); |
e896392f7e03
Added support for connecting over IPv6
Ivo Smits <Ivo@UCIS.nl>
parents:
41
diff
changeset
|
393 fprintf(stderr, "Remote endpoint has changed to %s\n", epname); |
0 | 394 session.remote_addr = recvaddr; |
395 session.remote_float = 2; | |
396 } | |
41
54d28a81ca99
Small updates in preparation for stateful protocols
Ivo Smits <Ivo@UCIS.nl>
parents:
39
diff
changeset
|
397 if (len > 0 && session.use_pi == 2) { |
54d28a81ca99
Small updates in preparation for stateful protocols
Ivo Smits <Ivo@UCIS.nl>
parents:
39
diff
changeset
|
398 int ipver = (buffer_raw[p->offset_raw + pi_length] >> 4) & 0xf; |
35
a1ec0d6b6f13
Added USE_PI=2 setting to automatically add/remove packet information header
Ivo Smits <Ivo@UCIS.nl>
parents:
34
diff
changeset
|
399 int pihdr = 0; |
a1ec0d6b6f13
Added USE_PI=2 setting to automatically add/remove packet information header
Ivo Smits <Ivo@UCIS.nl>
parents:
34
diff
changeset
|
400 #if defined linux |
a1ec0d6b6f13
Added USE_PI=2 setting to automatically add/remove packet information header
Ivo Smits <Ivo@UCIS.nl>
parents:
34
diff
changeset
|
401 if (ipver == 4) pihdr = 0x0000 | (0x0008 << 16); //little endian: flags and protocol are swapped |
a1ec0d6b6f13
Added USE_PI=2 setting to automatically add/remove packet information header
Ivo Smits <Ivo@UCIS.nl>
parents:
34
diff
changeset
|
402 else if (ipver == 6) pihdr = 0x0000 | (0xdd86 << 16); |
a1ec0d6b6f13
Added USE_PI=2 setting to automatically add/remove packet information header
Ivo Smits <Ivo@UCIS.nl>
parents:
34
diff
changeset
|
403 #else |
a1ec0d6b6f13
Added USE_PI=2 setting to automatically add/remove packet information header
Ivo Smits <Ivo@UCIS.nl>
parents:
34
diff
changeset
|
404 if (ipver == 4) pihdr = htonl(AF_INET); |
a1ec0d6b6f13
Added USE_PI=2 setting to automatically add/remove packet information header
Ivo Smits <Ivo@UCIS.nl>
parents:
34
diff
changeset
|
405 else if (ipver == 6) pihdr = htonl(AF_INET6); |
a1ec0d6b6f13
Added USE_PI=2 setting to automatically add/remove packet information header
Ivo Smits <Ivo@UCIS.nl>
parents:
34
diff
changeset
|
406 #endif |
52
3115f8af98bb
Added support for libsodium, fixed bug in USE_PI compatibility mode, improved timestamp checking in nacltai protocol
Ivo Smits <Ivo@UCIS.nl>
parents:
49
diff
changeset
|
407 *(int*)(buffer_raw + p->offset_raw) = pihdr; |
35
a1ec0d6b6f13
Added USE_PI=2 setting to automatically add/remove packet information header
Ivo Smits <Ivo@UCIS.nl>
parents:
34
diff
changeset
|
408 } |
41
54d28a81ca99
Small updates in preparation for stateful protocols
Ivo Smits <Ivo@UCIS.nl>
parents:
39
diff
changeset
|
409 if (len > 0) write(ttfd, buffer_raw + p->offset_raw, len + pi_length); |
0 | 410 } |
411 } | |
412 } | |
413 return 0; | |
414 } | |
38
d9f5caa13898
Added support for NetBSD, added command line parsing to provide configuration options
Ivo Smits <Ivo@UCIS.nl>
parents:
36
diff
changeset
|
415 |
41
54d28a81ca99
Small updates in preparation for stateful protocols
Ivo Smits <Ivo@UCIS.nl>
parents:
39
diff
changeset
|
416 static char* getconfcmdargs(const char* name) { |
38
d9f5caa13898
Added support for NetBSD, added command line parsing to provide configuration options
Ivo Smits <Ivo@UCIS.nl>
parents:
36
diff
changeset
|
417 int i; |
d9f5caa13898
Added support for NetBSD, added command line parsing to provide configuration options
Ivo Smits <Ivo@UCIS.nl>
parents:
36
diff
changeset
|
418 for (i = 1; i < gargc - 2; i++) { |
d9f5caa13898
Added support for NetBSD, added command line parsing to provide configuration options
Ivo Smits <Ivo@UCIS.nl>
parents:
36
diff
changeset
|
419 if (strcmp(gargv[i], "-c")) continue; |
d9f5caa13898
Added support for NetBSD, added command line parsing to provide configuration options
Ivo Smits <Ivo@UCIS.nl>
parents:
36
diff
changeset
|
420 if (strcmp(gargv[i + 1], name)) continue; |
d9f5caa13898
Added support for NetBSD, added command line parsing to provide configuration options
Ivo Smits <Ivo@UCIS.nl>
parents:
36
diff
changeset
|
421 return gargv[i + 2]; |
d9f5caa13898
Added support for NetBSD, added command line parsing to provide configuration options
Ivo Smits <Ivo@UCIS.nl>
parents:
36
diff
changeset
|
422 } |
d9f5caa13898
Added support for NetBSD, added command line parsing to provide configuration options
Ivo Smits <Ivo@UCIS.nl>
parents:
36
diff
changeset
|
423 return NULL; |
d9f5caa13898
Added support for NetBSD, added command line parsing to provide configuration options
Ivo Smits <Ivo@UCIS.nl>
parents:
36
diff
changeset
|
424 } |
d9f5caa13898
Added support for NetBSD, added command line parsing to provide configuration options
Ivo Smits <Ivo@UCIS.nl>
parents:
36
diff
changeset
|
425 |
d9f5caa13898
Added support for NetBSD, added command line parsing to provide configuration options
Ivo Smits <Ivo@UCIS.nl>
parents:
36
diff
changeset
|
426 int qtprocessargs(int argc, char** argv) { |
d9f5caa13898
Added support for NetBSD, added command line parsing to provide configuration options
Ivo Smits <Ivo@UCIS.nl>
parents:
36
diff
changeset
|
427 int i; |
d9f5caa13898
Added support for NetBSD, added command line parsing to provide configuration options
Ivo Smits <Ivo@UCIS.nl>
parents:
36
diff
changeset
|
428 for (i = 1; i < argc; i++) { |
d9f5caa13898
Added support for NetBSD, added command line parsing to provide configuration options
Ivo Smits <Ivo@UCIS.nl>
parents:
36
diff
changeset
|
429 char* a = argv[i]; |
d9f5caa13898
Added support for NetBSD, added command line parsing to provide configuration options
Ivo Smits <Ivo@UCIS.nl>
parents:
36
diff
changeset
|
430 if (!strcmp(a, "-h") || !strcmp(a, "--help")) { |
61
66d9d80215f0
Fixed -h and -v return status, fixed source file permissions (thanks github.com/rotty)
Ivo Smits <Ivo@UFO-Net.nl>
parents:
59
diff
changeset
|
431 printf("Please read the documentation at http://wiki.ucis.nl/QuickTun\n"); |
66d9d80215f0
Fixed -h and -v return status, fixed source file permissions (thanks github.com/rotty)
Ivo Smits <Ivo@UFO-Net.nl>
parents:
59
diff
changeset
|
432 return 0; |
38
d9f5caa13898
Added support for NetBSD, added command line parsing to provide configuration options
Ivo Smits <Ivo@UCIS.nl>
parents:
36
diff
changeset
|
433 } else if (!strcmp(a, "-v") || !strcmp(a, "--version")) { |
61
66d9d80215f0
Fixed -h and -v return status, fixed source file permissions (thanks github.com/rotty)
Ivo Smits <Ivo@UFO-Net.nl>
parents:
59
diff
changeset
|
434 printf("UCIS QuickTun "QT_VERSION"\n"); |
66d9d80215f0
Fixed -h and -v return status, fixed source file permissions (thanks github.com/rotty)
Ivo Smits <Ivo@UFO-Net.nl>
parents:
59
diff
changeset
|
435 return 0; |
38
d9f5caa13898
Added support for NetBSD, added command line parsing to provide configuration options
Ivo Smits <Ivo@UCIS.nl>
parents:
36
diff
changeset
|
436 } else if (!strcmp(a, "-c")) { |
d9f5caa13898
Added support for NetBSD, added command line parsing to provide configuration options
Ivo Smits <Ivo@UCIS.nl>
parents:
36
diff
changeset
|
437 gargc = argc; |
d9f5caa13898
Added support for NetBSD, added command line parsing to provide configuration options
Ivo Smits <Ivo@UCIS.nl>
parents:
36
diff
changeset
|
438 gargv = argv; |
d9f5caa13898
Added support for NetBSD, added command line parsing to provide configuration options
Ivo Smits <Ivo@UCIS.nl>
parents:
36
diff
changeset
|
439 getconf = getconfcmdargs; |
d9f5caa13898
Added support for NetBSD, added command line parsing to provide configuration options
Ivo Smits <Ivo@UCIS.nl>
parents:
36
diff
changeset
|
440 i += 2; |
d9f5caa13898
Added support for NetBSD, added command line parsing to provide configuration options
Ivo Smits <Ivo@UCIS.nl>
parents:
36
diff
changeset
|
441 } else { |
d9f5caa13898
Added support for NetBSD, added command line parsing to provide configuration options
Ivo Smits <Ivo@UCIS.nl>
parents:
36
diff
changeset
|
442 return errorexit("Unexpected command line argument"); |
d9f5caa13898
Added support for NetBSD, added command line parsing to provide configuration options
Ivo Smits <Ivo@UCIS.nl>
parents:
36
diff
changeset
|
443 } |
d9f5caa13898
Added support for NetBSD, added command line parsing to provide configuration options
Ivo Smits <Ivo@UCIS.nl>
parents:
36
diff
changeset
|
444 } |
61
66d9d80215f0
Fixed -h and -v return status, fixed source file permissions (thanks github.com/rotty)
Ivo Smits <Ivo@UFO-Net.nl>
parents:
59
diff
changeset
|
445 return 1; |
38
d9f5caa13898
Added support for NetBSD, added command line parsing to provide configuration options
Ivo Smits <Ivo@UCIS.nl>
parents:
36
diff
changeset
|
446 } |
0 | 447 #endif |
30
6f0e6b7dc088
Fixed build script to support multiple abis on one machine, bugfix in code, minor improvements
Ivo Smits <Ivo@UCIS.nl>
parents:
29
diff
changeset
|
448 |